Mutt/GnuPG-Outlook-plugin diffs / Support for Microsoft's .epf, .pfx, .p12 ?

gabriel rosenkoetter gr at eclipsed.net
Thu Feb 12 16:48:37 CET 2004


On Thu, Feb 12, 2004 at 04:24:00PM -0500, Luis R. Rodriguez wrote:
> OK that's it. Replacement lookup time. 8) This is a good enough
> "official" reason for me. Anyone know good Outlook replacement for
> windows *with PGP/MIME support? Some initial google'ing shows Enigmail 
> but they're currently working on that site...

Well, *I* use mutt to read my email and Outlook to deal with
appointments and such on the Exchange server at work. But I'm
running NetBSD on one machine and have a WinXP box tossed in the
corner (which I get to with rdesktop from the NetBSD machine, so
that Xinerama can use both monitors on the NetBSD machine).

I can't help you much on the front of GUI mail readers, PGP/MIME-
compliant or not, since I think the Outlook interface is horrendous
and imitations only worse. (That's an opinion, not a value judgement.)

> > The Outlook plugin you're using is only capable of producing
> > clear-signed messages.
> Aw, Shucks...

Well, don't take my word for it, but that's my memory from trying it
out some time ago. Check the documentation. (Doing crypto under an
OS that is both multi-user AND really has no way to provide secure
memory is questionable at best, though.)

> .p12:	PKCS#12 S/MIME certificate
> .pfx:	predecessor to PKCS#12
> .epf:	I'm not sure

"Encapsulated PostFluff", perhaps.

> So it seems these are SSL "client" certificates for browsers. I guess
> you then that they are also used for signing mail too...

Sort of. PKCS is a certificate, rather than PKI, system. The
principle being similar (signature implies faith), but it all
revolves around a single, central signer (the certificate
authority). As near as I can tell from Outlook's interface, anybody
can create a certificate saying they're anybody (they might actually
have to go to the trouble of setting those "anybody" settings within
their copy of Outlook, of course), and then other people using
Outlook will believe their certificate. That doesn't sound very
secure to me, but maybe I'm missing something about the
implementation.

Also, I don't *think* PKCS really defines an encryption algorithm,
just a signing one. So it gets you half of what OpenPGP (or any
other PKI system) gets you.

> I see. I'm new to gpg so I'm wondering, is there a possible
> correspondance between public keys and these ssl certs (I think they are ssl
> certs)?
> 
> Or is this like comparing apples and orranges?

The latter.

-- 
gabriel rosenkoetter
gr at eclipsed.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : /pipermail/attachments/20040212/77b8282e/attachment.bin


More information about the Gnupg-users mailing list