2000-07-01-11:37:00 Roeland M.J. Meyer:
PEM is being used on every ecommerce site site now, to implement SSL.
Huh? X.509 certs and SSL are used, but certainly not PEM or S/MIME. I've never, as far as I know of, seen a working PEM implementation, or piece of PEM traffic. It's so lost in the noise I really thought it was completely dead until this thread popped up. PGP is used all over the place. TLS (nee SSL) has its uses, that's sure, and once the RSA patent expires I expect to be using it a lot more, but TLS has nothing to do with PEM, nothing even in common other than a cert format, and reformatting certs is no biggie. The real difference between the two is that S/MIME is based on the model of creating and subsidizing an artificial monopoly for the CAs, while PGP is not. Unless you're a CA, it's an easy choice:-). -Bennett