North American Network Operators Group


Re: PGP keyserver infrastructure

  • From: Valdis.Kletnieks
  • Date: Fri Jun 30 11:18:21 2000

On Fri, 30 Jun 2000 01:07:18 PDT, "Roeland M.J. Meyer" said:
> It is not an issue of right/wrong. Rather, it is an issue of what
> is most usable to the most people. SSL certs are certainly more
> usable to many. PGP works with ancient CLI mailers and older GUI
> mailers. All modern GUI mailers support X.509 keys for message

All modern GUI? Odd.. I didn't add X.509 to Exmh yet. ;)

Eudora 4.3, which certainly qualifies as "modern GUI", doesn't seem to
come with X.509 support, although it does come with a PGP plugin bundled.
If there *is* X.509 support, feel free to point it at me.

I know Netscape seems to support PKCS-7 signatures, and I'm unsure what
Outlook supports.

> encryption and even let you use the same cert for SSL protected
> POP3. PGP, OTOH, only encrypts the message body, this is why it's

Umm.. note that the message headers have to be in cleartext for the MTA
to be able to deal with them.  Sendmail 8.11 (currently in Beta) will
support TLS for the inter-MTA hop.  However, given that Sendmail has
between 70% and 90% of the MTA market, your *current* chances of doing
long-haul e-mail with encrypted headers are rather low.

Just because you use SSL for the MUA-to-MTA transmission does NOT mean that
you have a crypto-secure MUA-to-MUA connection.

> popularity is reducing. In addition, even you agree that an X.509

Popularity reducing? Didn't I just see where the keyservers are seeing
an additional 2,500 keys *per day*?  Given the 1M keys they say they
have currently, I work that out to 7.5% growth *PER MONTH*.  Not bad
for popularity reducing...

				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech

Attachment: pgp00009.pgp
Description: PGP signature