GnuPG for a small company -- Questions before I start
Joseph Oreste Bruni
jbruni at mac.com
Thu May 17 05:38:46 CEST 2007
On May 16, 2007, at 5:08 AM, Jim Berland wrote:
> P.S.: I never came into contact with certificates like the ones from
> Thawte or CACert.org before and I don't know anybody who uses them.
> Considering the problems I see with GPG for this task, though, I
> wonder if certificates would do the job better or easier. Is this even
> the way other companies are going?
Conceptually there isn't anything really different between X.509
certificates and PGP keys with regards to encrypting email, other
than the trust models typically employed by each.
In the certificate model, one's certificate is issued by an
implicitly trusted third party. The root certificates are pre-
installed by the operating system or software vendors and they just
work. Most email clients make using them quite simple.
PGP supports the rooted trust model, but it also supports other
models. Typically, although not exclusively, PGP uses the web of
trust where you must exchange keys ahead of time, and cross sign them
to establish explicit trust.
In practice, however, I can get non-technical people using
certificates in a lot less time then it takes to get them using PGP.
On the other hand, if you are encrypting files to be distributed via
HTTP or FTP, I find PGP a lot easier to work with than certificates.
In reality the two technologies are almost identical, but the end-
user tools need a lot of work to truly blur the current artificial
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2508 bytes
Desc: not available
Url : /pipermail/attachments/20070516/aa0a3502/attachment.bin
More information about the Gnupg-users