|
[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
[NMLUG] e-mail and digital ID's (signing and encrypting)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Wesley J. Landaker wrote:
> On Wednesday 22 August 2007 15:59:18 Ed Heron wrote:
>> We've got a certificate for our domain. We should be able to produce
>> individual 'digital ID's for employees. I realize this doesn't make
>> additional money for the CA's, but we'll leave the philosophy out of it
>> for the moment, ok? If we were to pay for digital ID's for all
>> employees, at $20/year/employee, it could quickly get out of control.
>> I'm not going to get approval to spend $1600/year on it. I can barely
>> get approval for $500 for a multiple server certificate for our web farm.
>
> First of all, never pay for certs, it's not worth it and doesn't give you
> *any* added technical or security benefits.
>
> If you are doing S/MIME, be your own CA, or use CAcert:
>
> http://www.cacert.org/
>
> If you are smarter and are doing OpenPGP:
>
> http://www.ietf.org/rfc/rfc2440.txt
> http://www.gnupg.org/
> ... etc ...
Right on!
Definitely, go with gnupg/OpenPGP.
It is supported out-of-the-box on many non-MS mailers,
like Thunderbird, and AFAIK, there is a plug-in you can
get for Outlook.
There are FREE keyservers!
The web-of-trust keysigning procedure (if your client demands is)
is at least as good as buying a cert. Probably better.
aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGzYyPY9pzGJrjUYARAiPQAKDhFi9K1T5AHDIp4bGsBqrXJNGU7ACfWT9A
zjmBts6lxWTl4+VOnw1MXB8=
=yMS1
-----END PGP SIGNATURE-----
|
|
