OpenPGP (GnuPG) vs. S/MIME

[Ben Nelson <lists () venom600 org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'd like to open a discussion about PGP vs. S/MIME .

I've been pondering secure (or at least verifiable) mail lately and I
see these two standards as the main options available at this point.

It seems to me that PGP is the better of the two options because:
- - cryptographically, it appears more secure (i.e. larger public key
sizes possible)
- - it seems to be more widely used
- - it is easier to use (debateable)
- - its free
- - PGP in general is more flexible

I've read a bit of information comparing the two, but it is all pretty
old (mostly pre-2000).  So, I may be operating under some false assumptions.

Also, since PGP seems to be in wider use, why do fewer MUA's support it
out of the box?  To add PGP support to many of the more common MUA's in
use, a 3rd party application needs to be used.  While S/MIME support
seems to be included into a lot of common MUA's.  Is this because of
licensing issues with commercial PGP?  Or is including S/MIME support
just easier, so developers include it out of convenience.

Thoughts?

- --Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAP8Nu3cL8qXKvzcwRAg8/AKC2Zjb0sx18iS1un5xbRc/QK2qNDACgq5rG
X/yTyupNhwe8ShhkJU1Tp38=
=WpF2
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html