Re: S/MIME MUA
"J.H.M. Dassen (Ray)" <email@example.com> writes:
> On Tue, Jul 25, 2000 at 13:17:01 +1000, Brian May wrote:
> >> I am actually using mutt but I just discovered that it handle PGP/MIME
> >> (rfc2015) and not S/MIME (rfs2633-4).
> > What is the difference? I thought that there was only one standard...
> The beauty of standards...
> S/MIME is an older standard based on a hierarchical public key
> infrastructure using certificate authorities (similar to, or perhaps the
> same as for SSL). AFAIK it is not used much outside specific communities;
> Netscape is the only Linux MUA I'm aware of that supports it.
Older and newer. See <URL:http://www.imc.org/smime-pgpmime.html>.
PGP/MIME and openPGP are relatively new (probably more recent than
S/MIMEv2), but S/MIMEv3 is even newer, I think.
It used to be that it was pretty hard to provide S/MIME in free
software (it relies on the open standards, X.509 and so on, which,
while open, aren't free---and they're also pretty complex). Nowadays
it shouldn't be: openssl 0.9.5a provides enough support to get going
(and gnus is beginning to provide support---it can sign things,
although you can't do anything else), and there's a reference
implementation of S/MIME v3 available (see the IMC web page above)
under a pretty public domain license (sort of BSD, I think).
There's still the RSA issue (for a couple of months): whatever the
RFCs say, if you want to interoperate with common clients, you need to
> PGP/MIME is based on PGP/GnuPG, with the familiar guerilla-style
> non-hierarchical "web of trust". It is supported by mutt and others.
Yes. The big disadvantage to PGP/MIME is that getting it actually to
work with Outlook, Netscape, etc., is non-trivial. For interworking
with people using other operating systems, S/MIME is much easier.
Lots of GNU/Linux clients can do PGP/MIME (or something close). I'm
surprised I haven't seen more things using the new openssl features to
do S/MIME (so far, gnus seems to be it). I'm also surprised not to
see anything using the S/MIME freeware library. Maybe it'll all start
appearing after the RSA patent finally expires?