gmail smime, sends two messages one is not encrypted. Experience?

Uwe Brauer oub at mat.ucm.es
Sun Dec 8 10:38:43 CET 2019


   > Uwe Brauer via Gnupg-users wrote:

   > Sorry, I can't help you but I do have a question, if you don't mind ...

   > Why are the Students at the University don't use OpenPGP with Gmail
   > via the free Mailvelope add-on for Firefox, Chrome? Wouldn't that be
   > not cheaper instead of purchasing a whole lot of S/MIME certificates?

Well, first of all the university decided to use (as a understand,
without charge) gmail services, since they could not effort to run their
own server.

Now to the question s/mime versus gnupg.

There are the following points which make s/mime easier.

    1. Key generation. In s/mime you apply for a certificate and don't
       have to generate the key by yourself.

    2. Key interchange. This is in my experience the biggest problem for
       most users. In s/mime it is sufficient to send a sign message, it
       contains the public key of the sender (I don't want now to enter
       the technical details)

    3. Software: if you use a proper MTA s/mime is usually included,
       while pgp is not, but a plugin has to be installed.


If the user is using gmail's webinterface, which, unfortunately more and
more users are doing, things get more complicated. You mentioned
mailvelop, but again this is a plugin to be installed, while now gmail
(at least for its business/academic suite) offers s/mime support
natively.

Last but not least, a lot of people in my university now posses a first
class certificate anyhow, provided by the Spanish administration, which can be
used for all sort of things, one of them to use it for encrypted emails.

I hope that makes it clear why s/mime is preferred of pgp.

Uwe Brauer 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5025 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20191208/5f7a5442/attachment-0001.bin>


More information about the Gnupg-users mailing list