|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: PGP kerserver infrastructure
On Fri, 30 Jun 2000 01:07:18 PDT, "Roeland M.J. Meyer" said: > It is not an issue of right/wrong. Rather, it is an issue of what > is most usable to the most people. SSL certs are certainly more > usable to many. PGP works with ancient CLI mailers and older GUI > mailers. All modern GUI mailers support X.509 keys for message All modern GUI? Odd.. I didn't add X.509 to Exmh yet. ;) Eudora 4.3, which certainly qualifies as "modern GUI" doesn't seem to come with X.509 support, although it does come with a PGP plugin bundled. If there *is* X.509 support, feel free to point it at me. I know Netscape seems to support pcks-7 signatures, and I'm unsure what Outlook supports. > encryption and even let you use the same cert for SSL protected > POP3. PGP, OTOH, only encrypts the message body, this is why it's Umm.. note that the message headers have to be in cleartext for the MTA to be able to deal with them. Sendmail 8.11 (currently in Beta) will support TLS for the inter-MTA hop. However, given that Sendmail has between 70% and 90% of the MTA market, your *current* chances of doing long-haul e-mail with encrypted headers is rather low. Just because you use SSL for the MUA-to-MTA transmission does NOT mean that you have a crypto-secure MUA-to-MUA connection. > popularity is reducing. In addition, even you agree that an X.509 Popularity reducing? Didn't I just see where the keyservers are seeing an additional 2,500 keys *per day*? Given the 1M keys they say they have currently, I work that out to 7.5% growth *PER MONTH*. Not bad for popularity reducing... -- Valdis Kletnieks Operating Systems Analyst Virginia Tech Attachment:
pgp00009.pgp
|