Analog Networkers

The members of the German Bundestag are so eager to stoke the unease about technically clueless decision-makers that even the FAZ has to counter with a knowledgeable, well-researched article on e-mail cryptography. And it is really odd that the Bundestag relies on S/MIME: after all, skilfully building a web of trust is one of a politician's core competencies.

Besides the FAZ, the knowledgeable Thomas Pornin also argues on IT Security that OpenPGP has many advantages over S/MIME:

Theoretically, in an enterprise context, WoT does not work well; the X.509 hierarchical PKI is more appropriate, because it can be made to match the decisional structure of the envisioned companies, whereas WoT relies on employees making their own security policy decisions.

In practice, although most emailing software already implements S/MIME (even Outlook Express has implemented S/MIME for about one decade), the certificate enrollment process is complex with interactions with external entities, and requires some manual interventions. OpenPGP support usually requires adding a plugin, but that plugin comes with all that is needed to manage keys. The Web of Trust is not really used: people exchange their public keys and ensure binding over another medium (e.g. spelling out the "key fingerprint" -- a hash value of the key -- over the phone). Then people keep a copy of the public keys of the people they usually exchange emails with (in the PGP "keyring"), which ensures appropriate security and no hassle. When I need to exchange secure emails with customers, I use PGP that way.
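The fingerprint check described in the quote, as an added example that is not part of this post or of Pornin's answer: it computes the version 4 OpenPGP fingerprint (RFC 4880, section 12.2) of a received RSA public key and compares it with what was read out over the phone. The modulus, timestamp and function names are constructed for illustration, and the toy modulus is not a usable key.

```python
import hashlib
import hmac
import struct

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet: version, creation time, algorithm 1, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the packet body."""
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()

def spoken_form(fingerprint: str) -> str:
    """Group the 40 hex digits in blocks of four, as they are usually read aloud."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))

def fingerprints_match(body: bytes, heard: str) -> bool:
    """True only if the received key hashes to the fingerprint heard over the phone."""
    normalized = "".join(heard.split()).upper()  # ignore spacing and letter case
    return hmac.compare_digest(v4_fingerprint(body).encode(), normalized.encode())

# Constructed sample data: a toy 2048-bit modulus, not a real key.
N = (1 << 2047) + 0xC0FFEE
CREATED = 1400000000
KEY_FROM_EMAIL = rsa_public_key_body(CREATED, N, 65537)
# The same identity claim with a different modulus, as a substituted key would have.
SWAPPED_KEY = rsa_public_key_body(CREATED, N + 2, 65537)

if __name__ == "__main__":
    heard = spoken_form(v4_fingerprint(KEY_FROM_EMAIL))
    print("read over the phone:", heard)
    print("received key matches:", fingerprints_match(KEY_FROM_EMAIL, heard))
    print("substituted key matches:", fingerprints_match(SWAPPED_KEY, heard))
```

The creation time is part of the hashed packet, so the same key material re-imported with a different timestamp yields a different fingerprint.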