I have S/MIME vs GPG questions.

Steven W. Orr steveo at syslang.net
Mon Jun 1 12:35:29 EDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Some of this is technical and some clearly fluctuates between ranting and 
a political perspective.

Sometimes I get lucky here, so let's see how I do.

I'm using alpine-2.00 for my mail client. I see that alpine has some 
S/MIME support and I think I understand how to create self-signed certs 
for myself. After that I have a number of questions that are confusing me.

* What are the pros and cons of using GPG to sign/encrypt versus using 
S/MIME? I understand that S/MIME provides for signing by an attachment. Is 
this better?

* Even if I don't have a cert already created, why does alpine not perform the 
verification of S/MIME messages for me when I get such messages? And how can I 
make this happen automatically when they happen? Do S/MIME people publish 
their public keys the same way the PGP/GPG people do? Or is it different?

* What really is a good book to read on S/MIME? I have read the GPG material 
but S/MIME is not a topic of discussion in that literature. The alpine 
docs tell you what S/MIME support exists, but it sort of presumes that you 
know what it is in the first place. BTW, I just picked up the OpenSSL book 
which about three pages of S/MIME discussion.

* Does S/MIME (alpine or otherwise) have the capability to look up a public key 
like gpg does? Or do I have to manually trade keys with people?

* I seem to see that the public key created by GPG is really just a simple 
key, while the S/MIME associated public key seems to have full blown X.509 
content, at least the DN component. Does this mean that the S/MIME key is 
a wrapper of X.509 stuff around the key itself, whatever kind of key you 
create?

* Can people recommend more good books to read? I have gone through 
Schneier's Applied Crypt as well as a great jistory book called The Code 
Book. Also, I've read all of the GPG web content I could find.

The technical end aside, I feel strongly motivated to see how to encourage 
more people to *use* this stuff. I talk to people and they look at me like 
I'm nuts for thinking that there's even a good reason for it. Am I alone 
or are there really a lot of people who use and succeed at getting more 
people to use it?

Thanks.

- -- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iEYEARECAAYFAkokA1IACgkQRIVy4fC+NySo2wCcDEiHkAfF+llT2nEFnwVS+z8U
kdoAnj2PX/BW5qSR6SJYytGqiV/xHZY6
=Ssg7
-----END PGP SIGNATURE-----

More information about the gnhlug-discuss mailing list