openPGP vs x509
Adrian 'Dagurashibanipal' von Bidder
avbidder at fortytwo.ch
Wed Apr 7 10:07:41 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Wednesday 07 April 2004 08.42, Atom 'Smasher' wrote:
> > Check CACert.org.
> it's still based on the x509 PKI (trust us: single point of failure),
> which i don't like as much as the openPGP PKI (web of trust: tunable
> to the paranoia and needs of the end user).
It's not hard to set up a CA of your own, and thus implementing a
PGP-like trust structure in the X509 world (at least, it's much easier
than to convert all x509-using TLS/SSL aware web browsers to PGP/TLS.)
The hard part is to get people to use it.
All in all, I think X.509 vs. PGP is mostly just a question of how to
encode a public key with associated ownership information. Currently it
seems more complicated to implement peer to peer trust models in X.509,
but I'm convinced that this is only a user interface thing, and not
intrinsic to the technology. (But then, I'm no X.509 expert at all, so
I wouldn't know.)
> it doesn't seem hard (in theory) to implement a (user-friendly!)
> openPGP type of PKI into web browsers.
- -- vbi
featured link: http://fortytwo.ch/smtp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481
-----END PGP SIGNATURE-----
More information about the Gnupg-users