-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Boyd Stephen Smith Jr. wrote:
> On Saturday 30 September 2006 01:39, "Duncan" <1i5t5.duncan@×××.net> wrote
> about '[gentoo-amd64] Re: How To Play WMV (thread drift -slaveryware)':
>> "Boyd Stephen Smith Jr." <bss03@××××××××××.net> posted
>> 200609300101.09472.bss03@××××××××××.net, excerpted below, on Sat, 30
>> Sep 2006 01:01:05 -0500:
>>> Apparently his mailer
>>> (Thunderbird + Enigmail) seems to be signing his messages twice.
>> He's signing using two different formats, apparently, smime and pgp/gpg.
>
> Yeah, they should probably only use one technique to sign their messages.
> inline PGP/GPG is deprecated, IIRC, because it doesn't handle attachments
> well (or at all?). S/MIME is preferred now but, inline PGP/GPG, being a
> bit older, has better support. I know kmail still has some ease-of-use
> issues with S/MIME, but I don't think it affects correctness.
>

Well, I can probably shed some light on things:

1. Yes, my messages are signed twice (gpg and s/mime). I found half
the mailers out there support one or the other, but not always both.
So, I use both. Probably doesn't hurt much other than the inline gpg.

2. The signatures probably are valid on every mail reader out there -
as far as I can tell.

3. HOWEVER, the s/mime signature is using a cert from cacert.org, which
hasn't paid for a webtrust audit - and therefore is not in the root cert
list for most browsers/email clients. So, while the signature is valid,
the chain of trust probably isn't.

4. cacert is about as open-source as you can get for something like a
CA. Unfortunately, while gpg uses the web-of-trust model, s/mime uses a
top-down model. While most users don't think about it, they're
implicitly allowing whoever distributes their software to decide who
they will trust... (As an aside, cacert.org is interested in trying to
get more mainstream support, but for various (often reasonable) reasons
most distributors are more interested in just deferring to webtrust -
which is VERY expensive.) The community really does need a better
solution for SSL certs. (Yes, you can get an s/mime cert free from the
big players, but you certainly can't get one for https...)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFH7LpG4/rWKZmVWkRAh7TAJ0aTgiu1rueTzyUa90OQdi+oWf6HQCcDGfe
7FFtEFj+VjjMHiYi8yWGIyk=
=1EY6
-----END PGP SIGNATURE-----
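
Added example, not part of the original message: point 3 above distinguishes a valid S/MIME signature from a trusted certificate chain, and this script reproduces that split with the `openssl smime` command. The CA, sender, message and file names are all constructed for the demonstration; the private root stands in for any CA that is missing from the reader's root list.

```bash
#!/usr/bin/env bash
# Added example: every key, certificate and message below is constructed.
smime_trust_demo() {
  local d; d=$(mktemp -d) || return 1
  # Minimal config so the run does not depend on the system openssl.cnf.
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Community CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Private root that no mail client ships (stands in for the CA in point 3).
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  # Sender key, plus a certificate issued by that root.
  openssl req -new -config "$d/ca.cnf" -subj "/CN=Constructed Sender" \
    -newkey rsa:2048 -nodes -keyout "$d/user.key" -out "$d/user.csr" \
    2>/dev/null || return 1
  openssl x509 -req -in "$d/user.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/user.pem" 2>/dev/null || return 1
  printf 'constructed test message\n' > "$d/msg.txt"
  openssl smime -sign -in "$d/msg.txt" -signer "$d/user.pem" \
    -inkey "$d/user.key" -out "$d/msg.eml" 2>/dev/null || return 1

  SIG_ONLY=fail; DEFAULT_ROOTS=fail; WITH_CA=fail
  # 1. Signature math only: -noverify skips the signer's certificate chain.
  if openssl smime -verify -noverify -in "$d/msg.eml" >/dev/null 2>&1; then
    SIG_ONLY=ok; fi
  # 2. Default trust store, which does not contain the constructed root.
  if openssl smime -verify -in "$d/msg.eml" >/dev/null 2>&1; then
    DEFAULT_ROOTS=ok; fi
  # 3. Same message once the reader chooses to trust that root.
  if openssl smime -verify -CAfile "$d/ca.pem" -in "$d/msg.eml" \
    >/dev/null 2>&1; then WITH_CA=ok; fi
  rm -rf "$d"
  echo "signature=$SIG_ONLY default_roots=$DEFAULT_ROOTS with_ca=$WITH_CA"
}

smime_trust_demo || echo "openssl run failed" >&2
```

The second check is what a mail client with a stock root list reports; the third shows that the verdict depends entirely on which roots the verifier was handed.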