openPGP vs x509

Atom 'Smasher' atom-gpg at
Wed Apr 7 10:48:06 CEST 2004

> My opinion is that the hierarchical X509 structure is more efficient
> because not every client has to know about a special certificate. On the
> other side,

i would argue that it's less efficient, largely because there's a single
point of failure (the CA).

> I have no idea how this should work with pgp-keys in reality.

here's how i picture it:

let's say you connect to and that certificate is
signed with my PGP key. if you have my key "installed" in your browser,
and marked as "trusted", then you get a secure connection. otherwise, you
get a pop-up box asking you if you'd like to accept, examine or discard
the certificate.

> To encrypt a connection normally the opponent's public key is used
> to encrypt and the secret key is used to decrypt. This means that a
> server has to know all public keys of clients connecting to it. A
> handshake between the server and client may solve this prob.

my understanding of SSL/TLS is that the client can authenticate the
server, but the server has no way to authenticate the client (via

in practice, i connect to and i want to be VERY sure
that i'm connecting to the correct server. the server has no need to
authenticate that the key on my end ~really~ belongs to me... that's what
my login credentials (username/password) are for.


 PGP key -
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3

	"You have just dined, and however scrupulously
	 the slaughterhouse is concealed in the graceful
	 distance of miles, there is complicity."
		-- Ralph Waldo Emerson, 1870

More information about the Gnupg-users mailing list