Apple Mail and Thawte vs Thunderbird with Enigmail OpenPGP

Andrew Jorgensen andrew at jorgensenfamily.us
Mon May 5 14:25:09 MDT 2008


On Mon, 2008-05-05 at 13:54 -0600, Brandon Stout wrote:
> Are there compatibility problems between Thawte and OpenPGP?  I can see 
> signed mail coming from one person's Apple Mail signed with a Thawte 
> sig, but the person using Apple Mail doesn't get my signature when I 
> send with Thunderbird using my OpenPGP signature.

Can. Of. Worms.

S/MIME and PGP are two completely different PKIs (okay, someone can argue
that PGP isn't a PKI).  Different formats, different algorithms (some
the same I'm sure), different trust models, different user bases.

S/MIME is generally supported by commercial email clients.  PGP is
generally supported by open source email clients.  Some clients support
both and most can support both with added plugins.

Even if this user had been able to see your signature they would not be
able to trust it unless they had been initiated into the PGP world.
This is, if you haven't already guessed, the main (perhaps only) problem
with the PGP trust model.

The S/MIME trust model is the SSL trust model.  A select few
organizations (Thawte is one) are assumed to be trusted and they assert
trust in their clients.

Actually there's some overlap in the trust models.  You can have your
PGP key signed by keyserver.pgp.com (in which case they're the assumed
trust org) and to get your name on a Thawte certificate you have to get
your identity asserted by someone in their web of trust.

If anyone decides they'd like a Thawte certificate, I and a few
colleagues at Novell can assert your identity.  Email me off-list.
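
The format split described in the message above shows up in the MIME headers of a signed mail. The following is an added example, not part of the original post: it classifies a raw message as S/MIME, PGP/MIME or inline PGP. The function names, scheme labels, sample addresses and placeholder signature bodies are constructed for illustration.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

SMIME_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
SMIME_OPAQUE = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def signature_scheme(raw: str) -> str:
    """Return 'smime', 'pgp-mime', 'pgp-inline', 'unknown' or 'none'."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        # RFC 1847: the protocol parameter names the detached signature format.
        proto = collapse_rfc2231_value(msg.get_param("protocol") or "").lower()
        if proto in SMIME_SIG:
            return "smime"
        if proto == "application/pgp-signature":
            return "pgp-mime"
        return "unknown"
    # Opaque S/MIME wraps content and signature in one CMS blob.
    if ctype in SMIME_OPAQUE and msg.get_param("smime-type") == "signed-data":
        return "smime"
    # Inline (clearsigned) PGP lives in the text body, invisible to MIME parsing.
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            if b"-----BEGIN PGP SIGNED MESSAGE-----" in body:
                return "pgp-inline"
    return "none"

def client_recognises(raw: str, supported: set) -> bool:
    """True if the client's supported schemes cover this message's signature."""
    return signature_scheme(raw) in supported

def sample(protocol: str, sig_type: str) -> str:
    """Build a constructed multipart/signed message with a placeholder signature."""
    return (
        "From: alice@example.org\nMIME-Version: 1.0\n"
        f'Content-Type: multipart/signed; protocol="{protocol}"; boundary="b"\n\n'
        "--b\nContent-Type: text/plain\n\nhello\n"
        f"--b\nContent-Type: {sig_type}\n\nPLACEHOLDER\n--b--\n"
    )

SMIME = sample("application/pkcs7-signature", "application/pkcs7-signature")
PGP = sample("application/pgp-signature", "application/pgp-signature")
INLINE = ("From: alice@example.org\nContent-Type: text/plain\n\n"
          "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nhello\n"
          "-----BEGIN PGP SIGNATURE-----\nPLACEHOLDER\n-----END PGP SIGNATURE-----\n")
SMIME_ONLY_CLIENT = {"smime"}  # hypothetical capability set for a client without a PGP plugin
```

A client whose supported set is only `{"smime"}` recognises `SMIME` but not `PGP` or `INLINE`, which matches the symptom in the quoted question.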



