openPGP vs x509
atom-gpg at suspicious.org
Wed Apr 7 10:48:06 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
> My opinion is that the hierarchical X509 structure is more efficient
> because not every client has to know about a special certificate. On the
> other side,
i would argue that it's less efficient, largely because there's a single
point of failure (the CA).
> I have no idea how this should work with pgp-keys in reality.
here's how i picture it:
let's say you connect to https://my-server.com and that certificate is
signed with my PGP key. if you have my key "installed" in your browser,
and marked as "trusted", then you get a secure connection. otherwise, you
get a pop-up box asking you if you'd like to accept, examine or discard
> To encrypt a connection normally the opponent's public key is used
> to encrypt and the secret key is used to decrypt. This means that a
> server has to know all public keys of clients connecting to it. A
> handshake between the server and client may solve this prob.
my understanding of SSL/TLS is that the client can authenticate the
server, but the server has no way to authenticate the client (via
in practice, i connect to https://paypal.com and i want to be VERY sure
that i'm connecting to the correct server. the server has no need to
authenticate that the key on my end ~really~ belongs to me... that's what
my login credentials (username/password) are for.
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
"You have just dined, and however scrupulously
the slaughterhouse is concealed in the graceful
distance of miles, there is complicity."
-- Ralph Waldo Emerson, 1870
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----