openPGP vs x509

Adrian 'Dagurashibanipal' von Bidder avbidder at
Wed Apr 7 14:14:24 CEST 2004

Hash: SHA1

On Wednesday 07 April 2004 10.29, Kai Klesatschke wrote:

> My opninion is, that the hierarchical X509 structur is more efficient
> because not every client has to know about a special certificate. On

No, I think you can just do exactly the same as with X.509: ship a few 
PGP keys of some CAs which are trusted by default for casual users. Or 
don't, and just go in 'encrypted/untrusted' mode by default.

Serious users can then install PGP keys of servers they trust. I fail to 
see the difference here between operation with X509 certificates, or 
operation with PGP keys.

> the other side, I have no idea how this should work with pgp-keys in
> reality. To encrypt a connection normaly the opponents publickey is
> used to encrypt and the secretkey is used to decrypt. This means,
> that a server have to know all public keys of clients connecting to
> it. A handshake between the server an client maybe solve this prob.

I'm guessing here, but if I were implementing TLS/GPG, I would use the 
OpenPGP keys for authentication only, and create a session key on 
connect. Again, same as with X509/TLS, you can operate in an 
assymmetric mode where only the server authenticates itself with a 
public key, and the client does not present a public key to the server.

- -- vbi

- -- 
Q:	How many IBM 370's does it take to execute a job?
A:	Four, three to hold it down, and one to rip its head off.
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from


More information about the Gnupg-users mailing list