Should I use S/MIME?

Werner Koch wk at gnupg.org
Fri Nov 5 21:59:48 CET 2004


On Fri, 05 Nov 2004 09:40:23 -0600, Aleksandar Milivojevic said:

> On the technical side, I never liked the fact that S/MIME signature
> contains certificate (public key signed by CA) needed to verify
> signature as part of it.  It makes S/MIME signatures huge in

To be frank, that is not a technical requirement but common use
because there is no other way to get the required certificates.  That
is all due to the X.500 design of having a unique global hierarchical
directory system - which will fortunately never become reality.

The real technical problem with X.509 is the incompatibility: There is
a standard and dozens of incompatible profiles to interpret the
standard - as well as hundreds of implementations with their own
interpretation of the implemented profile.  To solve that the
committees added new features and requirements to the
standard/profile/implementation to fix the problems. 

With OpenPGP there are only a few implementations and the developers
actually talk to each other.  OpenPGP solves the trust problem the
easy way: It does not enforce any semantics, it just provides the
technical means to implement whatever you like.


Salam-Shalom,

   Werner
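
The point about embedded certificates in the reply above, as an added example (not part of the original message and not GnuPG project code): `openssl smime` signs a message with and without the signer certificate inside the signature, then verifies the bare signature with the certificate supplied out of band. The key, certificate subject and message are constructed for the example.

```shell
#!/bin/sh
# Added example: size and verification of a detached S/MIME (PKCS#7)
# signature with and without the embedded signer certificate.
# All keys, names and message text below are constructed test data.

smime_sig_demo() {
    d=$(mktemp -d) || return 1

    # Throwaway self-signed signer certificate (constructed identity).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test Signer" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1

    printf 'Constructed test message.\n' > "$d/msg.txt"

    # Default: the signer certificate travels inside the signature.
    openssl smime -sign -binary -in "$d/msg.txt" -signer "$d/cert.pem" \
        -inkey "$d/key.pem" -outform DER -out "$d/with.p7s" || return 1

    # -nocerts: same signature, but no certificate is included.
    openssl smime -sign -binary -nocerts -in "$d/msg.txt" \
        -signer "$d/cert.pem" -inkey "$d/key.pem" \
        -outform DER -out "$d/bare.p7s" || return 1

    with=$(wc -c < "$d/with.p7s" | tr -d ' ')
    bare=$(wc -c < "$d/bare.p7s" | tr -d ' ')

    # The bare signature verifies once the verifier obtains the
    # certificate some other way (-certfile); -CAfile is the trust anchor.
    openssl smime -verify -binary -inform DER -in "$d/bare.p7s" \
        -content "$d/msg.txt" -certfile "$d/cert.pem" \
        -CAfile "$d/cert.pem" -out /dev/null 2>/dev/null \
        && bare_ok=yes || bare_ok=no

    # Without any source for the signer certificate, verification fails:
    # this is the distribution gap that embedding works around.
    openssl smime -verify -binary -inform DER -in "$d/bare.p7s" \
        -content "$d/msg.txt" -CAfile "$d/cert.pem" \
        -out /dev/null 2>/dev/null \
        && nocert_ok=yes || nocert_ok=no

    rm -rf "$d"
    echo "with_cert=${with}B without_cert=${bare}B" \
         "verify_with_certfile=$bare_ok verify_without_cert=$nocert_ok"
}

smime_sig_demo
```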



