January 23rd 06, 06:53 PM posted to microsoft.public.exchange.misc,microsoft.public.outlook,microsoft.public.security
Kerry Brown
PGP vs Digital IDs

Fredly wrote:
Thank you for the info!!!!

I like the Thawte free option... I was thinking we would need to buy
from Verisign and pay roughly $15 a month, per ID. What exactly are
the differences between a pay cert and a free cert?


Try www.thawte.com

Kerry


"Vanguard" wrote in message
...
"Fredly" wrote in message
...
We need to encrypt email between a customer of ours and us. I have
been looking at options. We are footing the bill. It will begin
with a single address here and one customer with three email
addresses. We will expand this to over 20 customers if things go
well. This will get expensive so we
want to choose the right solution. We want something that will be
cross platform and non-intrusive for the customer, not to mention
easy to set up.



If you and the recipients are using Outlook (because you asked in
this newsgroup), why not use x.509 certificates? Support for them
is already built into Outlook. You can get free e-mail certs at
Thawte but they really aren't of much use. Anyone can get one and
about all they are good for is to identify the e-mail address of
sender in a digital signature and are useful for encryption. You
can go through their Web Of Trust mechanism to get more information
put into your certificate to provide more details, like who you
actually are versus just your e-mail address. There is probably a
charge for each WOT notary you use to up the credibility of your
cert. You could get a cert from Verisign that has all your
credentials already in it, and your customers could get freemail
certs from Thawte. It depends on which party must be the most
detailed in the credentials they provide in their digital signature.

Whether x.509 or PGP, you will need to send a digitally signed mail
to the recipient who then must save your public key included in that
mail, usually by saving you as a contact. Then when they want to
send you encrypted mails, they use your public key, send it to you,
and you use your private key to decrypt their mail. If you want to
send them encrypted mails, you need to have them send you their
public key in a digitally signed mail. You get a cert so you can
sign your mails and others can send you encrypted mails. They get a
cert so they can sign their mails and you can send them encrypted
mails.

I haven't used PGP but I hear there is an add-on that lets it work
within Outlook. Not all PGP providers are free. I haven't bothered
with buying a cert because, for personal mails, identifying myself
by my e-mail address is sufficient as far as I am concerned, so the
freemail certs from Thawte are okay for me. I only use my cert to
digitally sign a few of my e-mails. No one I know has sent me their
cert in a digitally signed mail (so I can get their public key) so I
cannot send them encrypted mails. Thawte has their freemail certs
but there are drawbacks to having to use their WOT if you want more
credentials in your cert. I suspect Verisign is a pricey cert
provider. Thawte and GeoTrust are cheaper. Thawte is probably a
lot cheaper than Verisign but Verisign acquired Thawte back around
2000, so I've read where some Thawte users will have their Thawte
cert branded with "A Verisign Company" since users know and most
trust Verisign.

I only dipped into the PGP cert mechanism but didn't bother with it,
so someone else will have to offer advice on that other scheme.

--
__________________________________________________
Post replies to the newsgroup. Share with others.
For e-mail: Remove "NIX" and add "#VN" to Subject.
__________________________________________________
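
The signed-mail key exchange described in the quoted reply above, walked through with the `openssl smime` command line as an added example that is not part of the original thread. The two parties, their addresses and the self-signed demo certificates are constructed; a real deployment would use CA-issued certs and validate the chain.

```shell
#!/bin/sh
# Added example: signed-mail key exchange, then an encrypted reply.
# Parties, addresses and self-signed certificates are constructed for the demo.

fp() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

smime_exchange_demo() (
    work=$(mktemp -d) || exit 1
    trap 'rm -rf "$work"' EXIT
    cd "$work" || exit 1

    # Each party gets a key pair and certificate (a CA would issue these).
    for who in us customer; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$who/emailAddress=$who@example.test" \
            -keyout "$who.key" -out "$who.crt" 2>/dev/null || exit 1
    done

    # 1. We send a signed mail; the signature carries our certificate.
    printf 'Please save my certificate.\n' > hello.txt
    openssl smime -sign -in hello.txt -signer us.crt -inkey us.key \
        -out signed.eml || exit 1

    # 2. The customer checks the signature and saves the signer certificate.
    #    -noverify skips chain validation only because the demo certs are
    #    self-signed; with a CA-issued cert, validate the chain instead.
    openssl smime -verify -noverify -in signed.eml \
        -signer saved_us.crt -out /dev/null 2>/dev/null || exit 1
    [ "$(fp saved_us.crt)" = "$(fp us.crt)" ] || exit 1

    # 3. The customer encrypts a reply to the saved public key.
    printf 'Order details: confidential\n' > reply.txt
    openssl smime -encrypt -aes256 -binary -in reply.txt \
        -out encrypted.eml saved_us.crt || exit 1

    # 4. Only our private key opens it; the customer's own key does not.
    openssl smime -decrypt -in encrypted.eml -recip us.crt -inkey us.key \
        -out plain.txt || exit 1
    cmp -s reply.txt plain.txt || exit 1
    if openssl smime -decrypt -in encrypted.eml -recip customer.crt \
        -inkey customer.key -out wrong.txt 2>/dev/null; then exit 1; fi
    exit 0
)

smime_exchange_demo && echo "exchange OK"
```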



