Apple Mail and Thawte vs thunderbird with Enigmail OpenPGP
jonathan at bluesunhosting.com
Tue May 6 08:51:59 MDT 2008
On 05 May 2008, at 14:25, Andrew Jorgensen wrote:
> On Mon, 2008-05-05 at 13:54 -0600, Brandon Stout wrote:
>> Are there compatibility problems between Thawte and OpenPGP? I can
>> signed mail coming from one person's Apple Mail signed with a Thawte
>> sig, but the person using Apple Mail doesn't get my signature when I
>> send with Thunderbird using my OpenPGP signature.
> Can. Of. Worms.
> S/MIME and PGP are two completely different PKIs (okay someone can
> that PGP isn't a PKI). Different formats, different algorithms (some
> the same I'm sure), different trust models, different user bases.
> S/MIME is generally supported by commercial email clients. PGP is
> generally supported by open source email clients. Some clients
> both and most can support both with added plugins.
> Even if this user had been able to see your signature they would not
> able to trust it unless they had been initiated into the PGP world.
> This is, if you haven't already guessed, the main (perhaps only)
> with the PGP trust model.
> The S/MIME trust model is the SSL trust model. A select few
> organizations (Thawte is one) are assumed to be trusted and they
> trust in their clients.
> Actually there's some overlap in the trust models. You can have your
> PGP key signed by keyserver.pgp.com (in which case they're the assumed
> trust org) and to get your name on a Thawte certificate you have to
> your identity asserted by someone in their web of trust.
> If anyone decides they'd like a Thawte certificate I and a few
> colleagues at Novell can assert your identity. Email me off-list.
This is all good information. I use Apple Mail. I have thought about
using PGP before but it did not seem as well supported, so I went
I am looking to get notary status on the WoT so I will be contacting
you off list.
More information about the PLUG