Bennett Todd: Saturday, July 01, 2000 11:51 AM
2000-07-01-11:37:00 Roeland M.J. Meyer:
PEM is being used on every ecommerce site site now, to implement SSL.
Huh? X.509 certs and SSL are used, but certainly not PEM or S/MIME.
I've never, as far as I know of, seen a working PEM implementation, or piece of PEM traffic. It's so lost in the noise I really
Uhmmm, >disconnect<, I was talking about the certs, not the protocol. thought
it was completely dead until this thread popped up.
PGP is used all over the place.
TLS (nee SSL) has its uses, that's sure, and once the RSA
So is S/MIME. Every Outlook MUA does it. There's a whole lot more outlook running out there than most anything else, except Netscape Messenger. patent
expires I expect to be using it a lot more, but TLS has nothing to do with PEM, nothing even in common other than a cert format, and reformatting certs is no biggie.
The real difference between the two is that S/MIME is based on
model of creating and subsidizing an artificial monopoly for
As I said above, I was discussing the cert format. After all PGP is not a protocol and SSL is. Using the same certs for both simplifies life. BTW, there are only a few months left on the RSA patent. Ergo, it's as good as not there, for current planning purposes. IOW, irrelevent. the the
CAs, while PGP is not. Unless you're a CA, it's an easy choice:-).
Patently not true. Anyone can instantiate a CA. No one is telling you that you can't. In fact, most of MHSC clients instantiate their own internal CA (at our urging), rather than use the commercial CAs. It's not much of a monopoly when you can do that. OpenCA opens the doors for that sort of thing, even further. Also, subsidy implies some sort of cash flow, where is it? Did you know that every copy of MS-IIS includes free working CA software? That doesn't do the CA "monopoly" much good, does it? It's right there, in the options pack for WinNTserver4SP5. Please forgive my response, I see this type of mis-use of the "monopoly" and "subsidy" emotive buttons all the time, on the domain policy lists. Usually by reactionaries that try to win the emotional argument over the substantive one. I wasn't expecting it here. It irritates me.