PGP vs Digital IDs
Thank you for the info!!!!
I like the Thawte free option... I was thinking we would need to buy from
Verisign and pay roughly $15 a month, per ID. What exactly are the
differences between a pay cert and a free cert?
"Vanguard" wrote in message
...
"Fredly" wrote in message
...
We need to encrypt email between a customer of ours and us. I have been
looking at options. We are footing the bill. It will begin with a single
address here and one customer with three email addresses. We will expand
this to over 20 customers if things go well. This will get expensive so we
want to choose the right solution. We want something that will be cross
platform and non-intrusive for the customer, not to mention easy to set up.
If you and the recipients are using Outlook (because you asked in this
newsgroup), why not use x.509 certificates? Support for them is already
built into Outlook. You can get free e-mail certs at Thawte but they really
aren't of much use. Anyone can get one and about all they are good for is
to identify the e-mail address of sender in a digital signature and are
useful for encryption. You can go through their Web Of Trust mechanism to
get more information put into your certificate to provide more details, like
who you actually are versus just your e-mail address. There is probably a
charge for each WOT notary you use to up the credibility of your cert. You
could get a cert from Verisign that has all your credentials already in it,
and your customers could get freemail certs from Thawte. It depends on
which party must be the most detailed in the credentials they provide in
their digital signature.
Whether x.509 or PGP, you will need to send a digitally signed mail to the
recipient who then must save your public key included in that mail, usually
by saving you as a contact. Then when they want to send you encrypted
mails, they use your public key, send it to you, and you use your private
key to decrypt their mail. If you want to send them encrypted mails, you
need to have them send you their public key in a digitally signed mail. You
get a cert so you can sign your mails and others can send you encrypted
mails. They get a cert so they can sign their mails and you can send them
encrypted mails.
I haven't used PGP but I hear there is an add-on that lets it work within
Outlook. Not all PGP providers are free. I haven't bothered with buying a
cert because, for personal mails, identifying myself by my e-mail address is
sufficient as far as I am concerned, so the freemail certs from Thawte are
okay for me. I only use my cert to digitally sign a few of my e-mails. No
one I know has sent me their cert in a digitally signed mail (so I can get
their public key) so I cannot send them encrypted mails. Thawte has their
freemail certs but there are drawbacks to having to use their WOT if you
want more credentials in your cert. I suspect Verisign is a pricey cert
provider. Thawte and GeoTrust are cheaper. Thawte is probably a lot
cheaper than Verisign but Verisign acquired Thawte back around 2000, so I've
read where some Thawte users will have their Thawte cert branded with "A
Verisign Company" since users know and most trust Verisign.
I only dipped into the PGP cert mechanism but didn't bother with it, so
someone else will have to offer advice on that other scheme.
--
__________________________________________________
Post replies to the newsgroup. Share with others.
For e-mail: Remove "NIX" and add "#VN" to Subject.
__________________________________________________
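
The exchange described in the reply above (send a signed mail, the recipient saves the certificate it carries, then encrypts to it), as an added example using the openssl command line; it is not part of the original thread. "Alice", "Bob", the addresses and the message text are constructed, and a self-signed certificate stands in for one issued by a CA.

```shell
#!/bin/sh
# Added example (not from the thread). "Alice" (us) and "Bob" (the customer)
# are constructed names; a self-signed cert stands in for a CA-issued one.
smime_roundtrip() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # 1. Alice obtains a key pair and certificate.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Alice/emailAddress=alice@example.com" \
            -keyout alice.key -out alice.crt 2>/dev/null || exit 1

        # 2. Alice sends Bob a signed mail; her certificate rides along.
        printf 'Hello Bob, this mail carries my certificate.\n' > hello.txt
        openssl smime -sign -in hello.txt -signer alice.crt \
            -inkey alice.key -out signed.eml || exit 1

        # 3. Bob checks the signature and saves the signer's certificate
        #    (what saving the sender as a contact does in a mail client).
        #    -noverify skips chain validation only because this cert is
        #    self-signed; with a CA-issued cert use -CAfile instead.
        openssl smime -verify -in signed.eml -noverify \
            -signer alice_saved.crt -out /dev/null 2>/dev/null || exit 1

        # 4. Bob compares the saved cert's fingerprint with the one Alice
        #    gave him out of band (here: computed from her own copy).
        want=$(openssl x509 -in alice.crt -noout -fingerprint -sha256)
        got=$(openssl x509 -in alice_saved.crt -noout -fingerprint -sha256)
        [ "$want" = "$got" ] || exit 1

        # 5. Bob encrypts his reply to the public key in the saved cert.
        #    -binary keeps the bytes unchanged so the round trip is exact.
        printf 'Order 1234 confirmed.\n' > reply.txt
        openssl smime -encrypt -aes256 -binary -in reply.txt \
            -out encrypted.eml alice_saved.crt || exit 1

        # 6. Alice decrypts with her private key; plaintext goes to stdout.
        openssl smime -decrypt -in encrypted.eml \
            -recip alice.crt -inkey alice.key
    )
    rc=$?
    rm -rf "$work"
    return $rc
}
```

Calling `smime_roundtrip` prints the decrypted reply; for mail in the other direction Bob needs his own certificate and the same steps run with the roles swapped.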