An Overview of OpenPGP and S/MIME

For governments on the one hand, and technologists on the other, trying to build encryption into the future Internet has become a nightmare. The promise of secure electronic communication is a boon to online shopping, business communication, and individual privacy in an increasingly complex world. Governments are rightly concerned that their ability to enforce the law could be constrained by strong encryption. This has led to a mutually antagonistic relationship between the parties.

Any nascent Internet standard is primarily a technology, not the definition of the technology’s legal use. However, both proposals have been hampered by the need for strong encryption and the necessity to work with governments that severely limit the exportation of products or APIs with strong encryption. Both the OpenPGP and S/MIME standards are affected by these considerations since they both deal with strong cryptography.

OpenPGP and S/MIME are very similar in some respects: They both provide authentication via digital signatures and privacy via data encryption. They structure signed content in the same way. Both have IETF working groups attempting to create a specification worthy of becoming an Internet standard. However, the cryptographic algorithms used, MIME content types, and the type of certificates used to prove a user’s identity are completely different.
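To make the "same structure, different content types" point concrete, the following added example (not code from the book) inspects a `multipart/signed` message and reports which scheme it declares. It checks structure only and verifies no signature; `classify_signed`, `TEMPLATE`, and the sample addresses are constructed for illustration.

```python
from email import message_from_string

# Signature part types: RFC 3156 (OpenPGP/MIME) and RFC 5751 (S/MIME).
SIGNATURE_TYPES = {
    "application/pgp-signature": "OpenPGP",
    "application/pkcs7-signature": "S/MIME",
    "application/x-pkcs7-signature": "S/MIME",  # legacy name still in use
}

# Constructed sample message; the signature part holds placeholder text.
TEMPLATE = """\
From: alice@example.org
To: bob@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="{protocol}";
 micalg={micalg}; boundary="b1"

--b1
Content-Type: text/plain

Signed body text.
--b1
Content-Type: {part_type}

(placeholder, not a real signature)
--b1--
"""

def classify_signed(raw):
    """Return (scheme, problems) for a multipart/signed message (RFC 1847)."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed":
        return None, ["not multipart/signed"]
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        return None, ["expected exactly two body parts"]
    declared = (msg.get_param("protocol") or "").lower()
    actual = parts[1].get_content_type()
    problems = []
    if declared not in SIGNATURE_TYPES:
        problems.append("unknown protocol %r" % declared)
    if actual != declared:
        problems.append("part is %s but header declares %s" % (actual, declared))
    if not msg.get_param("micalg"):
        problems.append("missing micalg parameter")
    return SIGNATURE_TYPES.get(declared), problems
```

A mismatch between the declared `protocol` and the second part's content type is worth flagging before any signature is handed to a verifier.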

OpenPGP is based on Phil Zimmermann’s phenomenal program for bringing private communication to individuals. ...
