Differences: OpenPGP vs. X.509

Bernhard Reiter bernhard at intevation.de
Mon Jan 26 11:13:26 CET 2009

On Samstag, 24. Januar 2009, Stefan X wrote:
> I know that gnupg is able to handle X.509 to some extend and I guess it
> is not full featured. 

For email the gnupg family is pretty full featured.
It can do several methods of validation, CRLs, OCSP, several lookup types 
(LDAP, HTTP) and so on.

For TLS (SSL) I've heard gnutls still misses a few things. I appreciate 
statements from more knowledgeable people.

> Will gnupg be able to use X.509 in all features 
> somewhere in the future?

"All feature" and "an implementation" seem to outrule each other
in X.509 space. Why? To get an idea, read:
X.509 Style Guide, Peter Gutmann


Managing Director - Owner: www.intevation.net      (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20090126/33e442a5/attachment.pgp>

More information about the Gnupg-devel mailing list