playing with cryptography...

John Clizbe JPClizbe at tx.rr.com
Wed May 21 10:28:49 CEST 2008


Ramon Loureiro wrote:
> I've got a personal THAWTE Certificate!
> It carries my name. I wonder if it will be enough to trust me on the GPG
> model...

That depends on the person granting trust, the trust model they have adopted,
and whether or not (and to what degree) they trust Thawte's certification
(signature).

The OpenPGP trust model is a proper superset of the centralized hierarchical
trust model most often seen in the X.509 world. Several years ago Matt Blaze
made the observation that commercial CAs will protect you against anyone who
that CA refuses to accept money from.

Most Class I Certificates only prove you have control of the email address, not
that you actually are who the name and email purport to be.

There's a fairly simple explanation of the difference in the two architectures
by Phil Zimmermann at http://www.openpgp.org/technical/whybetter.shtml

-- 
John P. Clizbe                   Inet: JPClizbe (a) tx DAWT rr DAHT con
Ginger Bear Networks             hkp://keyserver.gingerbear.net
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
