North American Network Operators Group
RE: PGP keyserver infrastructure
> Bennett Todd: Saturday, July 01, 2000 11:51 AM
>
> 2000-07-01-11:37:00 Roeland M.J. Meyer:
> > PEM is being used on every ecommerce site now, to implement
> > SSL.
>
> Huh? X.509 certs and SSL are used, but certainly not PEM or S/MIME.

Uhmmm, >disconnect<, I was talking about the certs, not the protocol.

> I've never, as far as I know of, seen a working PEM implementation,
> or piece of PEM traffic. It's so lost in the noise I really thought
> it was completely dead until this thread popped up.
>
> PGP is used all over the place.

So is S/MIME. Every Outlook MUA does it. There's a whole lot more Outlook running out there than most anything else, except Netscape Messenger.

> TLS (nee SSL) has its uses, that's sure, and once the RSA patent
> expires I expect to be using it a lot more, but TLS has nothing to
> do with PEM, nothing even in common other than a cert format, and
> reformatting certs is no biggie.

As I said above, I was discussing the cert format. After all PGP is not a protocol and SSL is. Using the same certs for both simplifies life. BTW, there are only a few months left on the RSA patent. Ergo, it's as good as not there, for current planning purposes. IOW, irrelevant.

> The real difference between the two is that S/MIME is based on the
> model of creating and subsidizing an artificial monopoly for the
> CAs, while PGP is not. Unless you're a CA, it's an easy choice:-).

Patently not true. Anyone can instantiate a CA. No one is telling you that you can't. In fact, most of MHSC clients instantiate their own internal CA (at our urging), rather than use the commercial CAs. It's not much of a monopoly when you can do that. OpenCA opens the doors for that sort of thing, even further. Also, subsidy implies some sort of cash flow, where is it? Did you know that every copy of MS-IIS includes free working CA software? That doesn't do the CA "monopoly" much good, does it? It's right there, in the options pack for WinNTserver4SP5.

Please forgive my response, I see this type of mis-use of the "monopoly" and "subsidy" emotive buttons all the time, on the domain policy lists. Usually by reactionaries that try to win the emotional argument over the substantive one. I wasn't expecting it here. It irritates me.