OpenPGP vs X.509
Adrian 'Dagurashibanipal' von Bidder
avbidder at fortytwo.ch
Wed Apr 7 14:14:24 CEST 2004
On Wednesday 07 April 2004 10.29, Kai Klesatschke wrote:
> My opinion is that the hierarchical X.509 structure is more efficient
> because not every client has to know about a special certificate. On
No, I think you can just do exactly the same as with X.509: ship a few
PGP keys of some CAs which are trusted by default for casual users. Or
don't, and just go in 'encrypted/untrusted' mode by default.
Serious users can then install PGP keys of servers they trust. I fail to
see the difference here between operation with X.509 certificates and
operation with PGP keys.
> the other side, I have no idea how this should work with PGP keys in
> reality. To encrypt a connection, normally the opponent's public key is
> used to encrypt and the secret key is used to decrypt. This means
> that a server has to know all public keys of clients connecting to
> it. A handshake between the server and client might solve this problem.
I'm guessing here, but if I were implementing TLS/GPG, I would use the
OpenPGP keys for authentication only, and create a session key on
connect. Again, same as with X.509/TLS, you can operate in an
asymmetric mode where only the server authenticates itself with a
public key, and the client does not present a public key to the server.
cheers
-- vbi
--
Q: How many IBM 370's does it take to execute a job?
A: Four, three to hold it down, and one to rip its head off.
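The handshake sketched in the reply above (long-term OpenPGP-style key used for authentication only, a fresh session key agreed on connect, server-only authentication, and a client that falls back to "encrypted/untrusted" when it does not know the server's key), written out as an added example that is not part of the original mail or of any GnuPG or TLS implementation. It assumes an Ed25519 key standing in for the OpenPGP key (no OpenPGP packet handling), X25519 for the key agreement, HMAC-SHA256 as a one-step KDF, and a demo message layout and label string; the real-world counterpart is the OpenPGP certificate type for TLS (RFC 6091), whose wire format this does not follow.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ServerHello: the server's ephemeral X25519 key, its long-term public key
// (standing in for an OpenPGP key) and a signature over the transcript made
// with that long-term key. The long-term key signs; it never encrypts traffic.
type ServerHello struct {
	Ephemeral []byte
	Identity  ed25519.PublicKey
	Signature []byte
}

// transcript binds the signature to both ephemeral keys, so a captured
// signature cannot be replayed into another connection.
func transcript(clientEph, serverEph []byte) []byte {
	h := sha256.New()
	h.Write([]byte("openpgp-auth-demo v1")) // demo label, an assumption
	h.Write(clientEph)
	h.Write(serverEph)
	return h.Sum(nil)
}

// sessionKey derives the per-connection key from the X25519 shared secret and
// the transcript (HMAC-SHA256 as a one-step KDF; a demo simplification).
func sessionKey(shared, tr []byte) []byte {
	mac := hmac.New(sha256.New, tr)
	mac.Write(shared)
	return mac.Sum(nil)
}

func dh(priv *ecdh.PrivateKey, peer []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(pub)
}

// ServerHandshake makes a fresh ephemeral key, signs the transcript with the
// server's long-term key and derives this connection's session key.
func ServerHandshake(identity ed25519.PrivateKey, clientEph []byte) (ServerHello, []byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return ServerHello{}, nil, err
	}
	shared, err := dh(eph, clientEph)
	if err != nil {
		return ServerHello{}, nil, err
	}
	tr := transcript(clientEph, eph.PublicKey().Bytes())
	pub := identity.Public().(ed25519.PublicKey)
	return ServerHello{eph.PublicKey().Bytes(), pub, ed25519.Sign(identity, tr)}, sessionKey(shared, tr), nil
}

// ClientHandshake verifies the signature with the key the server presented,
// derives the session key and reports whether that key is in the client's
// trust store (keys shipped by default plus any the user installed). A valid
// signature from an unknown key is the "encrypted/untrusted" mode. The client
// presents no long-term key of its own: server-only authentication.
func ClientHandshake(eph *ecdh.PrivateKey, hello ServerHello, trusted []ed25519.PublicKey) (key []byte, known bool, err error) {
	tr := transcript(eph.PublicKey().Bytes(), hello.Ephemeral)
	if len(hello.Identity) != ed25519.PublicKeySize || !ed25519.Verify(hello.Identity, tr, hello.Signature) {
		return nil, false, errors.New("handshake signature does not verify")
	}
	shared, err := dh(eph, hello.Ephemeral)
	if err != nil {
		return nil, false, err
	}
	for _, k := range trusted {
		known = known || hello.Identity.Equal(k)
	}
	return sessionKey(shared, tr), known, nil
}

func main() {
	serverPub, serverID, _ := ed25519.GenerateKey(rand.Reader)
	clientEph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	hello, serverKey, _ := ServerHandshake(serverID, clientEph.PublicKey().Bytes())
	// Casual user, no trust store: still encrypted, just not authenticated.
	clientKey, known, err := ClientHandshake(clientEph, hello, nil)
	fmt.Println(bytes.Equal(clientKey, serverKey), known, err)
	// Serious user who installed the server's key.
	_, known, err = ClientHandshake(clientEph, hello, []ed25519.PublicKey{serverPub})
	fmt.Println(known, err)
	// Attacker in the path swaps in its own key but cannot re-sign the transcript.
	hello.Identity, _, _ = ed25519.GenerateKey(rand.Reader)
	_, _, err = ClientHandshake(clientEph, hello, []ed25519.PublicKey{serverPub})
	fmt.Println(err)
}
```

The two things to notice are that the long-term key is only ever an input to Sign/Verify, so the server needs no knowledge of client keys and nothing long-lived is used to encrypt, and that signature verification and trust-store lookup are separate steps: a server with an unknown key still gets an encrypted channel, which is exactly the "encrypted/untrusted" default the mail proposes.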