LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   S/MIME and PGP,SSL, TLS (http://www.linuxquestions.org/questions/linux-security-4/s-mime-and-pgp-ssl-tls-575415/)

metallica1973 08-07-2007 03:16 PM

S/MIME and using SSL or TLS or use PGP
 
I am concerned about security in connecting to external e-mail using POP3. I have several clients that use e-mail and have notice that there are several security methods for securing e-mail such as S/MIME using TLS and SSL when connecting to mail servers (to and from). Which is preferred, connecting using S/MIME methods(using PKCS #7,TLS or SSL)using PGP using symetric or asymetric keys. I am a bit confused on the differnce between S/MIME using SSL or TLS or using PGP and using symetric or asymetric keys as well? What is the more secure way of securing e-mail either by connecting using S/MIME and using SSL or TLS or PGP and by selecting certain clients and exchanging keys? That would be tedious!

unSpawn 08-09-2007 12:20 PM

If you want to make sure any "talk" between host A and the receiving SMTP host B remains between A and B you would use TLS (prev.: SSL). Separate and unrelated issue: if your message is to be read only by the recipient, and you want the recipient to be able to ascertain the message came from you, then you would use PGP. Now if you are always online, and if you would want to pay money for a commercial cert and if you would want to be able to fool people in thinking you sent a message, you could use S/MIME :-]

metallica1973 08-11-2007 01:42 PM

Can you elaborate on S/MIME?

unSpawn 08-12-2007 01:07 PM

Read up on S/MIME?
http://www.ietf.org/html.charters/smime-charter.html
http://www.imc.org/smime-pgpmime.html
http://en.wikipedia.org/wiki/S/MIME
http://cryptofile.com/x509-openssl.php
http://www.marknoble.com/tutorial/smime/smime.aspx
http://www.dartmouth.edu/~pkilab/pag...ME_e-mail.html

metallica1973 08-13-2007 08:49 PM

So after reading about SMIME and TLS I really dont see the difference!. With both you are using private and public keys(asymmetric encryption). Is all of this communication done through a tunnel like a VPN or is all the security just done through keys and subject to interception?


All times are GMT -5. The time now is 08:36 AM.