Re: [uug] all this gpg stuff

[Andrew Jorgensen]

I don't use GPG. I sign my emails with a cert I got from Thawte for free (as in beer, um apple juice, i guess). I use the SMIME features that mozilla comes with.

Personally I'm more comfortable with SMIME. If my cert includes my name (which is doesn't yet) that means that a few people who's identities have already been established have checked my ID and verified that I am who I say I am. SMIME, PKIX, etc. are more of an industry standard than PGP/GPG.

From what I understand PGP is more of an "I say I am who I am" thing than a "Several people, or even organizations, can vouch for my identity" thing.

Considering the troubles PGP has had (with NAI, etc.) and it's lack of acceptance in industry (I could be wrong there), I think SMIME is probably the way to go.

Anyone want to disagree? (Not trying to start a holy war, just want to learn why some of you use GPG instead of SMIME.)

One point might be the status of the standards. Someone mentioned that the RFCs about PGP et.al. are still just proposals and have been stagnant for several years. PKIX et.al. have been official standards for a while now and are considered mature.

Another point you might make is that it's a bigger pain to get a cert for SMIME. My counterpoint would be that it should be, else how do I know it's really you.

Does GPG give you a false sense of security? Or can you justify that sense?

Happily learning all I can,

Andrew


____________________
BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________
List Info: http://phantom.byu.edu/cgi-bin/mailman/listinfo/uug-list