[29623] in North American Network Operators' Group
Re: PGP keyserver infrastructure
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Jun 30 11:16:21 2000
Message-Id: <200006301513.e5UFDQP31662@black-ice.cc.vt.edu>
To: rmeyer@mhsc.com
Cc: nanog@merit.edu
In-Reply-To: Your message of "Fri, 30 Jun 2000 01:07:18 PDT."
<000401bfe26a$36ac5e60$eaaf6cc7@PEREGRIN>
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1604565896P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Fri, 30 Jun 2000 11:13:25 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_1604565896P
Content-Type: text/plain; charset=us-ascii

On Fri, 30 Jun 2000 01:07:18 PDT, "Roeland M.J. Meyer" said:
> It is not an issue of right/wrong. Rather, it is an issue of what
> is most usable to the most people. SSL certs are certainly more
> usable to many. PGP works with ancient CLI mailers and older GUI
> mailers. All modern GUI mailers support X.509 keys for message

All modern GUI? Odd.. I didn't add X.509 to Exmh yet. ;)
Eudora 4.3, which certainly qualifies as "modern GUI", doesn't seem to
come with X.509 support, although it does come with a PGP plugin bundled.
If there *is* X.509 support, feel free to point it at me.
I know Netscape seems to support PKCS-7 signatures, and I'm unsure what
Outlook supports.

> encryption and even let you use the same cert for SSL protected
> POP3. PGP, OTOH, only encrypts the message body, this is why it's

Umm.. note that the message headers have to be in cleartext for the MTA
to be able to deal with them. Sendmail 8.11 (currently in Beta) will
support TLS for the inter-MTA hop. However, given that Sendmail has
between 70% and 90% of the MTA market, your *current* chances of doing
long-haul e-mail with encrypted headers are rather low.
Just because you use SSL for the MUA-to-MTA transmission does NOT mean that
you have a crypto-secure MUA-to-MUA connection.

> popularity is reducing. In addition, even you agree that an X.509

Popularity reducing? Didn't I just see where the keyservers are seeing
an additional 2,500 keys *per day*? Given the 1M keys they say they
have currently, I work that out to 7.5% growth *PER MONTH*. Not bad
for popularity reducing...
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
--==_Exmh_1604565896P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2
Comment: Exmh version 2.2 06/16/2000
iQA/AwUBOVy5FXAt5Vm009ewEQK9VwCeIcNNfaANkwtB8CMJDqDyEb9i/pEAoJhi
jBD6LH7U2hHejg5kr/IMHbdQ
=xgEG
-----END PGP SIGNATURE-----
--==_Exmh_1604565896P--
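
The hop-by-hop point made in the message above can be checked on a delivered message by reading its Received trace. The following is an added example, not part of the original post: the sample message, hostnames and function names are constructed for illustration, and the `ESMTPS`/`ESMTPSA` keywords come from RFC 3848, which postdates this thread.

```python
import re
from email import message_from_string

# Constructed sample: three hops, only the MUA-to-MTA submission used TLS.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.25])
\tby mail.example.org with ESMTP id CCC333;
\tFri, 30 Jun 2000 11:13:40 -0400
Received: from smtp.example.com (smtp.example.com [192.0.2.10])
\tby mx.example.net with ESMTP id BBB222;
\tFri, 30 Jun 2000 11:13:32 -0400
Received: from laptop.example.com (laptop.example.com [192.0.2.77])
\tby smtp.example.com with ESMTPSA id AAA111
\t(version=TLSv1 cipher=DES-CBC3-SHA);
\tFri, 30 Jun 2000 11:13:25 -0400
From: alice@example.com
To: bob@example.org
Subject: hop-by-hop demo

body
"""

# RFC 3848 "with" keywords that record STARTTLS on a hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
# Heuristic (assumption): some MTAs also note the TLS session in a comment.
TLS_COMMENT = re.compile(r"\(version=(TLS|SSL)", re.I)

def _field(keyword, text):
    """Return the token following a Received clause keyword, or '?'."""
    m = re.search(r"\b%s\s+([^\s;]+)" % keyword, text)
    return m.group(1) if m else "?"

def hops(raw):
    """Return (from_host, by_host, tls_seen) per hop, oldest hop first."""
    out = []
    # Each relay prepends its own Received line, so reverse for delivery order.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        tls = _field("with", flat).upper() in TLS_PROTOCOLS or bool(TLS_COMMENT.search(flat))
        out.append((_field("from", flat), _field("by", flat), tls))
    return out

def cleartext_hops(raw):
    """Hops with no TLS marker. Received lines are unauthenticated, so treat as a hint."""
    return [(f, b) for f, b, tls in hops(raw) if not tls]

if __name__ == "__main__":
    for f, b, tls in hops(SAMPLE):
        print(f"{f} -> {b}: {'TLS' if tls else 'cleartext'}")
```

Even when every hop shows a TLS marker, each relay still handles the message in the clear, so only the PGP or S/MIME layer protects the body from one MUA to the other.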