S/MIME or PGP/MIME?

Paul Holman pablos@kadrevis.com
Fri Dec 7 02:18:01 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> it's difficult to find any sober information about why
> two specs exist and what the difference is.

At this point, the two specs exist and are driven in part by different 
philosophies regarding the trust model.  While technically speaking, 
either could support the other's trust model, it isn't particularly 
inviting to do so.  S/MIME inherits the X.509 convention of a 
hierarchical trust model - I trust your key because Verisign says it is 
your key and we all trust Verisign.  The OpenPGP Web of Trust works on a 
decentralized trust model, where trust in a key is based on one or more 
degrees of separation created by users signing each other's keys - You 
trust my key because you trust Bob's key, and he signed my key.  All of 
this is necessary to create comprehensive trust for the keys in use.

OpenPGP is by far the more popular standard among people actually using 
email encryption.  That said, there is a lot of room for improvement in 
OpenPGP integration with mailer software.  S/MIME has had some very 
clean mailer integration that should inspire new work on supporting 
OpenPGP.

pablos.
- --
Paul Holman
Kadrevian Nonlinear Accelerator
pablos@kadrevis.com
415.420.3806
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (Darwin)
Comment: For info see http://www.gnupg.org

iD8DBQE8EBcEiOayAT9atWkRAgz+AKCZ8wl2HyF+pMVlmbWQp0X83SNuowCfcALg
WgxwEAb0H4I2xpho92jf6aU=
=tTjf
-----END PGP SIGNATURE-----
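
The two trust decisions described in the message above, as an added example that is not part of the original post and is not code from any mail client or OpenPGP/S/MIME implementation. The key names, the issuer map, the signature graph and the `max_degrees` limit are constructed assumptions, and only the path logic is modelled: a real implementation also verifies every signature cryptographically and checks expiry and revocation.

```python
from collections import deque

# Constructed X.509-style issuer map: subject -> issuer (a root is self-issued).
X509_ISSUER = {
    "pablos-cert": "verisign-ca",
    "verisign-ca": "verisign-ca",
    "mallory-cert": "unknown-ca",
    "unknown-ca": "unknown-ca",
}
TRUST_ANCHORS = {"verisign-ca"}  # roots the verifier has chosen to trust

# Constructed OpenPGP-style signature graph: signer -> keys that signer signed.
WOT_SIGNATURES = {
    "you": {"bob"},
    "bob": {"pablos"},
    "pablos": {"carol"},
}


def hierarchical_trusted(subject, issuer_of=X509_ISSUER, anchors=TRUST_ANCHORS):
    """Hierarchical model: follow issuer links upward until an anchor is hit."""
    seen = set()
    while subject not in seen:
        if subject in anchors:
            return True
        seen.add(subject)
        issuer = issuer_of.get(subject)
        if issuer is None:          # chain breaks before reaching any anchor
            return False
        subject = issuer
    return False                    # self-issued or looping chain, no anchor


def wot_degrees(start, target, signatures=WOT_SIGNATURES, max_degrees=2):
    """Web of Trust model: breadth-first search over key signatures.
    Returns the number of signature hops, or None if beyond max_degrees."""
    queue, seen = deque([(start, 0)]), {start}
    while queue:
        key, depth = queue.popleft()
        if key == target:
            return depth
        if depth == max_degrees:    # do not extend trust past the hop limit
            continue
        for signed in signatures.get(key, ()):
            if signed not in seen:
                seen.add(signed)
                queue.append((signed, depth + 1))
    return None
```

Here "you" reach the "pablos" key in two hops through "bob", while "carol" falls outside a two-hop limit; in the hierarchical case the answer depends only on whether the chain ends at a configured anchor.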