By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Suppose two people exchange messages using symmetric encryption; every time they communicate, a session key is generated that encrypts the message using a protocol that handles session keys like SSL. They could, alternatively, use PGP to exchange messages. Do you think in this scenario that PGP or symmetric encryption would offer better security?
It depends on how trusted the local environment is. Symmetric encryption will ensure non-disclosure between "systems" by encrypting all message packets between mail servers using a shared encryption key. PGP ensures non-disclosure of an individual message by encrypting the actual message and making it viewable only by the sender and recipient. PGP is a bit more flexible as it can be used when the message traverses an unsecured network channel between two systems or even if the recipient is on the same system. As a general guideline, if you have a trusted messaging environment, but the network between servers is in question, then symmetric encrypted sessions like SSL will work. If you're exchanging messages that are so sensitive in nature that even the messaging system administrators shouldn't have access to the message content, like legal or executive communications, I'd use PGP.