making the X.509 infrastructure available for OpenPGP

Daniel Kahn Gillmor dkg at
Tue Feb 4 15:47:55 CET 2014

On 02/04/2014 09:01 AM, Mark H. Wood wrote:
> Having said that, you might look at how OpenSSH has included X.509
> certificates in its operation.  There is precedent for something like
> what you suggest.

fwiw, the answer here is "they haven't".  Roumen Petrov's X.509 patches
remain outside of OpenSSH mainline, and there seems to be very little
chance for upstream adoption.  Some distributions may include those
patches, but not all of them, and upstream has held the line against
them, even implementing their own certificate format instead of adopting


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140204/9e19c235/attachment.sig>

More information about the Gnupg-users mailing list