Full Disclosure mailing list archives
Re: PGP vs. certificate from Verisign
From: yossarian <yossarian () planet nl>
Date: Sat, 10 May 2003 02:57:12 +0200
What I wonder - will Verisign have set up CRL servers yet? Remember the IE problem when someone got hold of MS certificates? The MS-fix was blacklisting them locally, the real problem was that there was no revocation servers. Then again, how many concurrent connections would they get if MS sent out a critical update? So - stick to PGP - forget about PKI. ----- Original Message ----- From: "Evans, TJ (BearingPoint)" <tjevans () bearingpoint net> To: <full-disclosure () lists netsys com> Sent: Friday, May 09, 2003 11:48 PM Subject: RE: [Full-disclosure] PGP vs. certificate from Verisign
At one time, i.e. - don't know if it still the case - Thawte would issue a "personal cert" free. One advantage PGP has is the existing infrastructure for key distribution, so that you do not necessarily need to have someone's public key (yet) in order to encrypt to them or verify their signature. If they have pushed
it
out to the publicly accessible key-servers you can get it as needed. But again - it depends on what problem you are trying to solve and your preferred method of doing so. TJ -----Original Message----- From: Anne Carasik [mailto:gator () mail cacr caltech edu] Sent: Friday, May 09, 2003 3:46 PM To: Kamal Habayeb Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] PGP vs. certificate from Verisign OpenPGP is free :) as are other implementations of PGP. Paying VeriSign to create a digital certificate for you is not worth it, considering most of the encryption you run into in the wild is PGP keys. -Anne Kamal Habayeb grabbed a keyboard and typed...Greetings, I'm trying to get some expert opinions on which is better. Using
Outlook
2002, would it be better to use PGP to encrypt messages or use thebuilt-inoption with a digital certificate from Verisign (or some other CA)? Thanks, Kamal
**************************************************************************** **
The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system.
**************************************************************************** **
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: PGP vs. certificate from Verisign, (continued)
- Re: PGP vs. certificate from Verisign Steve Poirot (May 10)
- Re: PGP vs. certificate from Verisign Derek Atkins (May 10)
- Re: PGP vs. certificate from Verisign Ben Laurie (May 10)
- Re: PGP vs. certificate from Verisign Jason (May 10)
- Re: PGP vs. certificate from Verisign yossarian (May 10)
- [OFFTOPIC] PGP vs. certificate from Verisign Kurt Seifried (May 10)
- Re: [OFFTOPIC] PGP vs. certificate from Verisign yossarian (May 10)
- Re: PGP vs. certificate from Verisign Steve Poirot (May 10)
- Re: PGP vs. certificate from Verisign Jason (May 10)
- Re: PGP vs. certificate from Verisign Georgi Guninski (May 11)
- Re: PGP vs. certificate from Verisign yossarian (May 09)
- Re: PGP vs. certificate from Verisign Jason (May 10)
- Re: PGP vs. certificate from Verisign yossarian (May 10)
- Re: PGP vs. certificate from Verisign Jason (May 10)
- Re: PGP vs. certificate from Verisign yossarian (May 10)