Any way to get smaller key sizes?

Olaf Gellert og at
Wed Sep 28 14:10:25 CEST 2005

Alaric Dailey wrote:

> No, this is an S/MIME signature, basically SSL technology for emails. as
> it appears much cleaner in modern email clients than PGP.  But it
> appears MUCH cleaner than PGP, and and modern email clients validate the
> signatures automatically, and without additional software.  Also using
> an S/MIME to sign emails means that I can sign ALL my emails  and they
> won't scare the unwashed masses, not to mention I get the additional
> benefit of using the CA as a "Trusted Introducer".

Thanks for your unwanted comment. You can verify S/MIME-
signatures with gpgsm (a tool with nearly the same command-
line interface as gpg). This is the way kmail verifies
S/MIME emails. And I have no trouble in using both GPG
and S/MIME in Mozilla/Thunderbird. So why vote for less?

S/MIME (X.509) and OpenPGP use a different model of
trust, so if the S/MIME model fits your needs better,
it does not mean that OpenPGP is bad. Getting an S/MIME-
certificate that is validated successfully by the
normal applications usually requires some money (as
you need it to be issued by a trusted CA). If you
have special requirements of trust (for example if
you want to use X.509 certificates for login), you have
to establish your own CA (and end up with your certificates
being untrusted by default), so you have different
troubles in the X.509 world.

As always: The world is not black and white. :-)


Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og at

                        A daily view on Internet Attacks

More information about the Gnupg-users mailing list