North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: PGP kerserver infrastructure
> From: Albert Levi: Thursday, June 29, 2000 7:35 PM > > "Roeland M.J. Meyer" wrote: > > > Most modern mailers support X.509 certs for encryption. PGP is > > considerd, by many, to be the older technology. Building PKI > > around X.509 is much easier and meets actual existing standards. > > Well, X.509 is as old as PGP (rf. PEM which was X.509 based). I agree > that X.509 based PKIs are easier to built, but easiness does not mean > usability. The trust structures embedded in X.509 certs are not > acceptable for a large number of PGP users. > > I think the large number of PGP users and the current grow rate > determine whether it is old or not. Maybe it is not the > "standard", but > that many PGP users could not be wrong ! It is not an issue of right/wrong. Rather, it is an issue of what is most usable to the most people. SSL certs are certainly more usable to many. PGP works with ancient CLI mailers and older GUI mailers. All modern GUI mailers support X.509 keys for message encryption and even let you use the same cert for SSL protected POP3. PGP, OTOH, only encrypts the message body, this is why it's popularity is reducing. In addition, even you agree that an X.509 PKI is easier to build. Maybe because of the reasons I give here.