gpg certificate authorities

Huels, Ralf SCORE
Tue Feb 19 08:35:01 2002

> OpenPGP for example allows such a situation: I am a Thawte WOT notary =
so I
> trust their signing key. I set this key to have high (or even =
> trust). Other people who also trust the key may set this similarly. =
> there's no way to enforce the setting.

That precisely is the point. Enforcing that setting would be beneficial
to trust center revenue. Thus (some people argue), X.509 is more =
with the established TCs than OpenPGP.=20

Sure, I can implement a hierarchical PKI using OpenPGP but, as you say,
it is not mandatory, while with X.509 it generally is.=20