On Wed, Sep 11, 2013 at 8:50 AM, Michael Greenly <mgreenly at gmail.com> wrote:
>
> S/Mime uses a centralized certificate authority. PGP/GPG is decentralized. There's no question that PGP/GPG is preferable over S/Mime because of this.
>

S/MIME and GPG/GPG use the same crypto. So from the standpoint of protecting the message content, they will be identical. Using a CA does not provide the private key to the authority. Thus, having access to the CA does not allow you to decrypt things from certificates it signs; it only permits you to generate another certificate that would be trusted the same way, making a future man-in-the-middle attack possible. But it won't help you on any existing/past messages, and it won't do any good if the two parties in the exchange continue to use the keys they already had.

Jay
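The distinction drawn in the reply above, as an added example that is not part of the original thread: the CA signs a certificate over the subject's public key only, so its own key cannot decrypt mail to that subject, while a second certificate it issues for the same name is caught by a correspondent who keeps the fingerprint already in use. It assumes the Python `cryptography` package; the CA name, address and message are constructed.

```python
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(ca_key, subject_cn, subject_public_key):
    """CA-side signing: the only subject input is the PUBLIC key."""
    start = datetime.datetime(2013, 9, 11)
    return (x509.CertificateBuilder()
            .subject_name(name(subject_cn))
            .issuer_name(name("Example CA (constructed)"))
            .public_key(subject_public_key)
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=365))
            .sign(ca_key, hashes.SHA256()))

def demo():
    ca_key, alice_key = new_key(), new_key()
    alice_cert = issue(ca_key, "alice@example.test", alice_key.public_key())
    pinned = alice_cert.fingerprint(hashes.SHA256())  # what a peer already holds

    # A message encrypted to the key in Alice's certificate.
    ciphertext = alice_cert.public_key().encrypt(b"past message", OAEP)
    try:
        ca_key.decrypt(ciphertext, OAEP)   # the CA's key is unrelated to Alice's
        ca_can_read = True
    except ValueError:
        ca_can_read = False

    # The CA can sign a second certificate for the same name, different key.
    second = issue(ca_key, "alice@example.test", new_key().public_key())
    return {
        "alice_reads": alice_key.decrypt(ciphertext, OAEP),
        "ca_can_read": ca_can_read,
        "same_subject": second.subject == alice_cert.subject,
        "pin_matches": second.fingerprint(hashes.SHA256()) == pinned,
    }

if __name__ == "__main__":
    print(demo())
```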