TLS client authentication, Re: openPGP vs x509

Mads Laursen gnupg at
Wed Apr 7 14:07:30 CEST 2004

On 07/04/04 13.22, Holger Sesterhenn wrote:
> Hello,
> Werner Koch wrote:
> > TLS provides such a mechanism but sane users don't hand their money
> > over to Verisign for a user certificate.  I don't know whether
> > browsers support this at all.
> It's called 'client authentication' and you have to import this special
> certifacte into your browser. IE, NS and Mozilla do support such
> behaviour since ages.
> I'am working with such a configuration every day. Of course we have
> created our own certificate hierachy. No need for Verisign.

Just adding a data-point: This is also in use for government<->citizen
communication in Denmark (e.g. I used it to file my tax 'papers'), and
it works pretty good.

Common sense is the collection of prejudices acquired by age eighteen.
                -- Albert Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20040407/4524a69c/attachment.bin

More information about the Gnupg-users mailing list