Using GPG as a certificate authority

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Sat Apr 12 15:33:02 2003


On Friday 11 April 2003 18:59, Mike Campbell wrote:
> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

Please don't use HTML mail.

> Is it possible to use GPG as a certificate authority?

In principle, yes. OpenPGP does not require a certain trust model, so a
centralized trust model with a CA (or with multiple CAs) can be implemented

BUT
>[...] Oracle's wallet manager [...]

Without knowing the product, I think most commercial products that support
cryptographical certificates and hierarchical trust models use X.509
certificates and not OpenPGP certificates. Standard gpg can't do anything
with X.509 certificates.

There's work being done to allow interoperation between the X.509 world and
the OpenPGP world. I can't say how much of this already works and how it is
supposed to work in the end. I think you should find some information in the
list archives (gpg-devel, probably) when you search about 'gpgsm' and
possibly 'ägypten' or 'newpg'.

cheers
-- vbi

-- 
random link of the day: http://fortytwo.ch/sienapei/lohpaidi
