North American Network Operators Group

RE: PEM(?)

  • From: Roeland M.J. Meyer
  • Date: Sat Jul 01 20:59:56 2000

> L. Sassaman: Saturday, July 01, 2000 3:28 PM

> On Sat, 1 Jul 2000, Roeland M.J. Meyer wrote:
>
> > The thing is that folks ARE using it. Just, not in public.
>
> Well, that's understandable. If I were an S/MIME user, I
> wouldn't want the public to know!
>
> ;)

I understand the ;) but my point was that much S/MIME traffic
goes over intra-nets and VPNs, with maybe a short hop over the
Internet.

> > That may or may not be true. Letting things sink to common terms,
> > we have been discussing S/MIME vs PGP, via PKI debate. What sort
> > of PKI would be most useful for NANOG participants? My contention
> > is for OpenSSL style CA that issues certs usable for both S/MIME
> > and SSL. In addition, I have a project that would let SSH use
> > *.pem files from OpenSSL, issued by OpenCA. What we would have
> > then is a single Key/Cert that would work with SSH, S/MIME, and
> > SSL. I can't see a way to get PGP to cover the same ground.
>
> PGP works with newer versions of SSH. I see no need for S/MIME to
> exist. And I don't see SSL incompatibility as a barrier to
> using PGP with email.

How about viewing web-based mail and list archives? The S/MIME
cert is also a client-side cert and can be used in lieu of
user/passwd.

> (For the record, there is an Internet draft on using PGP with TLS, and
> Apache can easily be modified to use PGP keys... the problem is browser
> support, and not a limitation in PGP.)

If the browsers do not support it then it is a PGP problem
because the users cannot use it. Where can I get the links to the
Apache/PGP effort? I don't find them at apache.org. Also, what is
the W3C position?