openPGP vs x509
Adrian 'Dagurashibanipal' von Bidder
avbidder at fortytwo.ch
Wed Apr 7 14:14:24 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Wednesday 07 April 2004 10.29, Kai Klesatschke wrote:
> My opninion is, that the hierarchical X509 structur is more efficient
> because not every client has to know about a special certificate. On
No, I think you can just do exactly the same as with X.509: ship a few
PGP keys of some CAs which are trusted by default for casual users. Or
don't, and just go in 'encrypted/untrusted' mode by default.
Serious users can then install PGP keys of servers they trust. I fail to
see the difference here between operation with X509 certificates, or
operation with PGP keys.
> the other side, I have no idea how this should work with pgp-keys in
> reality. To encrypt a connection normaly the opponents publickey is
> used to encrypt and the secretkey is used to decrypt. This means,
> that a server have to know all public keys of clients connecting to
> it. A handshake between the server an client maybe solve this prob.
I'm guessing here, but if I were implementing TLS/GPG, I would use the
OpenPGP keys for authentication only, and create a session key on
connect. Again, same as with X509/TLS, you can operate in an
assymmetric mode where only the server authenticates itself with a
public key, and the client does not present a public key to the server.
- -- vbi
Q: How many IBM 370's does it take to execute a job?
A: Four, three to hold it down, and one to rip its head off.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481
-----END PGP SIGNATURE-----
More information about the Gnupg-users