S/MIME or PGP/MIME?
Paul Holman
pablos@kadrevis.com
Fri Dec 7 02:18:01 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> it's difficult to find any sobre information about why
> two specs exist and what the difference is.
At this point, the two specs exist and are driven in part by different
philosophies regarding the trust model. While technically speaking,
either could support the other's trust model, it isn't particularly
inviting to do so. S/MIME inherits the X.509 convention of a
hierarchical trust model - I trust your key because Verisign says it is
your key and we all trust Verisign. The OpenPGP Web of Trust works on a
decentralized trust model, where trust in a key is based on one or more
degrees of separation created by users signing each other's keys - You
trust my key because you trust Bob's key, and he signed my key. All of
this is necessary to create comprehensive trust for the keys in use.
OpenPGP is by far the more popular standard among people actually using
email encryption. That said, there is a lot of room for improvement in
OpenPGP integration with mailer software. S/MIME has had some very
clean mailer integration that should inspire new work on supporting
OpenPGP.
pablos.
- --
Paul Holman
Kadrevian Nonlinear Accelerator
pablos@kadrevis.com
415.420.3806
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (Darwin)
Comment: For info see http://www.gnupg.org
iD8DBQE8EBcEiOayAT9atWkRAgz+AKCZ8wl2HyF+pMVlmbWQp0X83SNuowCfcALg
WgxwEAb0H4I2xpho92jf6aU=
=tTjf
-----END PGP SIGNATURE-----