Differences: OpenPGP vs. X.509

Bernhard Reiter bernhard at intevation.de
Tue Jan 20 12:58:37 CET 2009

On Thursday, 15 January 2009, Werner Koch wrote:
> > strategies/options may be appropriate to go in this way (e.g. embed one
> > format into the other, using the same key parameters etc.)?
> This problem needs to be solved at the MUA level.  

I agree here, this is an application level problem.

There is another difference to me, though.
Even if X509 might be able to work with Bridges, usually this is not done.
Only a small subset of root certificates will be trusted in a considered 

Most important from the user view is that the user is able to understand
which trust he or she can assume for the email that is being sent right now
(or that particular signature under verification).

The following approach only works if the possible difference
in trust is adequately communicated to the users:

> That is, if you are 
> going to send a message to someone or to a group of people, it should be
> sent out using the protocol for which you have keys for most of the
> recipients and the MUA may then send out the same message encrypted for
> the other set of recipients, using the other protocol.  (This resembles
> BCC processing).

Also you would lose the information to whom this was encrypted.


Managing Director - Owner: www.intevation.net      (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

More information about the Gnupg-devel mailing list