making the X.509 infrastructure available for OpenPGP

Melvin Carvalho melvincarvalho at
Tue Feb 4 18:21:58 CET 2014

On 4 February 2014 15:47, Daniel Kahn Gillmor <dkg at> wrote:

> On 02/04/2014 09:01 AM, Mark H. Wood wrote:
> > Having said that, you might look at how OpenSSH has included X.509
> > certificates in its operation.  There is precedent for something like
> > what you suggest.
> fwiw, the answer here is "they haven't".  Roumen Petrov's X.509 patches
> remain outside of OpenSSH mainline, and there seems to be very little
> chance for upstream adoption.  Some distributions may include those
> patches, but not all of them, and upstream has held the line against
> them, even implementing their own certificate format instead of adopting
> X.509.

Any reason why this might be?

FWIW: I have converted my RSA GPG key into a self signed X.509 certificate,
which I display on my homepage.  Although there's no official web or trust,
it has links in, and links out, to other people's identities (and keys)
forming a mini WOT, in the same sense that a search engine might use links
in and links out as a social signal.

>         --dkg
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140204/a320c059/attachment.html>

More information about the Gnupg-users mailing list