[tclug-list] Email Crypto options vs NSA

Wed Sep 11 11:31:41 CDT 2013

My statement was specifically related to the recent revelations around the
NSAs focus on third parties not to the strengths of the encryption which I
agree are essentially identical.

As long as you trust the central authority (you self sign certificates for
example) there's no reason to think S/Mime is less secure.  But if you're
going to do that though you may as well stick with GPG it's designed to be
used without a central authority.

I stand by my original statement.  if you're goal is to prevent the NSA
from reading your email.  Using any protocol that puts trust in a third
party certificate authority is a horrible mistake.  They may not be
compromised but it's certainly possible given recent revelations.  The only
reasonable option is to avoid them.

I stand by my original statement.  GPG is preferable.

On Wed, Sep 11, 2013 at 9:28 AM, Jay Kline <jay at slushpupie.com> wrote:

> On Wed, Sep 11, 2013 at 8:50 AM, Michael Greenly <mgreenly at gmail.com>
> wrote:
> >
> > S/Mime uses a centralized certificate authority.  PGP/GPG is
> decentralized.  There's no question that PGP/GPG is preferable over S/Mime
> because of this
> >
> >
>
> S/MIME and GPG/GPG use the same crypto. So from the standpoint of
> protecting the message content, they will be identical. Using a CA
> does not provide the private key to the authority.  Thus, having
> access to the CA does not allow you to decrypt things from
> certificates it signs- it only permits you to generate another
> certificate that would be trusted the same way, making a future
> man-in-the-middle attack possible.  But it wont help you on any
> existing/past messages, and it wont do any good if the two parties in
> the exchange continue to use the keys they already had.
>
> Jay
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>

-- 
Michael Greenly
http://logic-refinery.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20130911/07f3c204/attachment.html>