Apple Mail and Thawte vs thunderbird with Enigmail OpenPGP

Jonathan Duncan jonathan at bluesunhosting.com
Tue May 6 08:51:59 MDT 2008


On 05 May 2008, at 14:25, Andrew Jorgensen wrote:

> On Mon, 2008-05-05 at 13:54 -0600, Brandon Stout wrote:
>> Are there compatibility problems between Thawte and OpenPGP?  I can  
>> see
>> signed mail coming from one person's Apple Mail signed with a Thawte
>> sig, but the person using Apple Mail doesn't get my signature when I
>> send with Thunderbird using my OpenPGP signature.
>
> Can. Of. Worms.
>
> S/MIME and PGP are two completely different PKIs (okay someone can  
> argue
> that PGP isn't a PKI).  Different formats, different algorithms (some
> the same I'm sure), different trust models, different user bases.
>
> S/MIME is generally supported by commercial email clients.  PGP is
> generally supported by open source email clients.  Some clients  
> support
> both and most can support both with added plugins.
>
> Even if this user had been able to see your signature they would not  
> be
> able to trust it unless they had been initiated into the PGP world.
> This is, if you haven't already guessed, the main (perhaps only)  
> problem
> with the PGP trust model.
>
> The S/MIME trust model is the SSL trust model.  A select few
> organizations (Thawte is one) are assumed to be trusted and they  
> assert
> trust in their clients.
>
> Actually there's some overlap in the trust models.  You can have your
> PGP key signed by keyserver.pgp.com (in which case they're the assumed
> trust org) and to get your name on a Thawte certificate you have to  
> get
> your identity asserted by someone in their web of trust.
>
> If anyone decides they'd like a Thawte certificate I and a few
> colleagues at Novell can assert your identity.  Email me off-list.
>

This is all good information.  I use Apple Mail.  I have thought about  
using PGP before but it did not seem as well supported, so I went  
Thawte's offering.

I am looking to get notary status on the WoT so I will be contacting  
you off list.



More information about the PLUG mailing list