RE: GPG and Signing

To: <debian-user@lists.debian.org>
Subject: RE: GPG and Signing
From: "Seth Goodman" <sethg@goodmanassociates.com>
Date: Wed, 4 Apr 2007 15:54:49 -0500
Message-id: <[🔎] MHEGIFHMACFNNIMMBACAKEJGOPAA.sethg@goodmanassociates.com>
Reply-to: <sethg@goodmanassociates.com>
In-reply-to: <[🔎] 877istqfwm.fsf@fjellstad.org>

John L Fjellstad wrote on Tuesday, April 03, 2007 4:58 PM -0500:

> The reason you and people who use OE see it as an attachment is
> because MS is unable to implement an 11 years old standard.
> This page (http://www.imc.org/smime-pgpmime.html) has a discussion
> about the different standards (PGP/MIME and S/MIME) and links to the
> different RFCs.

S/MIME was intended to work with a certification authority (CA) model
based on a small number of universally trusted root CA's, while PGP
assumed a distributed web of trust model based on personal relationships
between individual users.  There's no technical reason a CA can't sign a
PGP key, but this was not the intended mode of use.  I suggest the
problem wasn't MS's inability to implement PGP (it's no harder than
S/MIME), but more likely they couldn't see a way to make money from it.
Instead, they built native S/MIME support into their MUA's, built a
certificate store into their operating system and bought VeriSign.

--
Seth Goodman

Reply to:

Follow-Ups:
- Re: GPG and Signing
  - From: John L Fjellstad <john-debian@fjellstad.org>

References:
- Re: GPG and Signing
  - From: John L Fjellstad <john-debian@fjellstad.org>

Prev by Date: Re: GPL v3?
Next by Date: Re: GPL v3?
Previous by thread: Re: GPG and Signing
Next by thread: Re: GPG and Signing
Index(es):
- Date
- Thread