gpgsm and expired certificates
Uwe Brauer
oub at mat.ucm.es
Sun Oct 27 15:46:05 CET 2013
>> "Werner" == Werner Koch <wk at gnupg.org> writes:
> On Sun, 27 Oct 2013 10:23, pete at heypete.com said:
>> Correct, though it is possible (but usually recommended against) to
>> create a new certificate using the same private keypair as before. In
> The business model of most CAs is to sell you a subscription by
> setting the expiration time very low so that they can ask after a
> year for another fee to create a new certificate. Here it does not
> make sense to create a new private key every year.
Well, Comodo is free (still) and to prolong the certificate seems free too for
the moment, but I agree I would prefer a government-based organisation
which provides this service to its citizens (especially because of all
that was lately revealed about the NSA).
> GnuPG basically does the same by allowing you to prolong the expiration
> time.
I don't want to enter a flame war here and in principle I'd prefer gpg
over smime but in reality I have to use smime, because
- it is implemented in almost all MUA while gpg is not[1]
- it is so much easier to install for the people I communicate with
than gpg.
I recall that I tried to convince gpg and after some hours he almost
yelled at me, while he was able to set up smime in 5 minutes.
The reasons for this are the following.
- As I said, smime is already installed in almost all MUAs, so there is no
  need to install gpg and to install a plugin for the MUA
- the user does not have to generate a keypair. Well, this is not
  entirely true, as we mentioned earlier, but the user applies for
  a certificate, picks it up, and he is set.
- the user does not have to exchange public keys, he just sends a
  signed message which includes his public key.
So if the big MUAs, and not only Thunderbird but at least Outlook, Apple
Mail, and iOS Mail, would
- support gpg natively
- when using gpg in the mailreader for the first time, it would
  silently generate a key pair
- when sending a signed message it would always embed the public
  key in the signature
Then I think gpg would be as easy to use as smime, but till then....
Uwe Brauer
Footnotes:
[1] I tried to use gpg on a non jailbroken iPhone and it is honestly a hassle.