L. Sassaman: Saturday, July 01, 2000 3:28 PM
On Sat, 1 Jul 2000, Roeland M.J. Meyer wrote:
The thing is that folks ARE using it. Just, not in public.
Well, that's understandable. If I were an S/MIME user, I wouldn't want the public to know!
;)
I understand the ;) but my point was that much S/MIME traffic goes over intra-nets and VPNs, with maybe a short hop over the Internet.
That may or may not be true. Letting things sink to common terms, we have been discussing S/MIME vs PGP, via PKI debate. What sort of PKI would be most useful for NANOG participants? My contention is for OpenSSL style CA that issues certs usable for both S/MIME and SSL. In addition, I have a project that would let SSH use *.pem files from OpenSSL, issued by OpenCA. What we would have then is a single Key/Cert that would work with SSH, S/MIME, and SSL. I can't see a way to get PGP to cover the same ground.
PGP works with newer versions of SSH. I see no need for S/MIME to exist. And I don't see SSL incompatibility as a barrier to using PGP with email.
How about viewing web-based mail and list archives? The S/MIME cert is also a client-side cert and can be used in lieu of user/passwd.
(For the record, there is an Internet draft on using PGP with TLS, and Apache can easily be modified to use PGP keys... the problem is browser support, and not a limitation in PGP.)
If the browsers do not support it then it is a PGP problem because the users cannot use it. Where can I get the links to the Apache/PGP effort? I don't find them at apache.org. Also, what is the W3C position?