making the X.509 infrastructure available for OpenPGP

Peter Lebbing peter at
Thu Feb 6 10:58:12 CET 2014

On 06/02/14 03:48, Hauke Laging wrote:
> the respective CA could automatically create a signature for it as Peter has
> explained

Actually, I suggested leveraging an existing X.509 certification to induce
validity in the OpenPGP model. The CA would not be actively involved.

> So the best way would probably be to require just a subkey to be the same.

I don't see how that would work[1] for the method I came up with. I suggested
matching the UID's, but UID's are always bound to the primary key, so it needs
to be the primary key which is certified.

> b) The Fakultätentag Informatik has published a statement about a crypto 
> culture at the universities after Snowden: 

Ha! If the Snowden revelations have made anything obvious, it is that the trust
model of X.509 is horribly broken[2]. Unless they do some sort of certificate or
CA pinning at the least, implementing this proposal would only induce a false
sense of security and require the NSA to do, for example, active MITM instead of
passive collecting. And since we're talking about e-mail traffic inside or
between universities, I don't think passive collecting gets you very far in any
case if they enable secure SMTP.

But at least it might cultivate people who at least think about, or realise
there is such a thing as security and attackers. Let's just hope we don't
cultivate fundamentally flawed practices.

I don't doubt security experts at the universities are much better at this than
I am, but I'm a bit cynical about them getting what is needed to implement this

> A CS professor at Berlin's biggest university (more or less the biggest one 
> in Germany) has even told me that he doesn't want me to organize OpenPGP 
> courses there! That is the situation.

If the reason for that is solely that he favours S/MIME, it sounds like a really
strange decision. It sounds like the problem is with this person, not with
OpenPGP. Have you tried to talk to his colleagues or staff?

> From the perspective of spreading OpenPGP it seems quite dangerous to me to 
> ignore the CAs (for "political" reasons or whyever). Of course, using OpenPGP
> does not morally oblige someone to help spread it. But I think it would be
> fair not just to say something like "I don't care about CAs" but to add "I
> don't care whether OpenPGP or X.509 gets the new crypto users". Of course,
> someone could both not care about CAs and be interested in spreading OpenPGP
> but that attitude would rise some very interesting questions.

Actually, in this last piece, it is your attitude which rises questions. You are
merely venting your own opinion, and do so in a way slightly offensive to people
with a different opinion.

I sincerely disagree as well. I don't see why OpenPGP needs to get involved with
CA's, a model which is at the heart of the problem of S/MIME. I don't see why
any alternative way of making it a more turnkey solution would be inferior to
getting involved with X.509. I don't know a good alternative way, but I don't
reject them either.

And how is it '"political" or whyever' to state that CA's can't be trusted? It
feels "policital" to me to say they /can/ be trusted. I'd expect a politician to
say that, along with "you can trust me". Yeah right.

I think some things that are already available get us part of the way, and
perhaps bundling them with good docs would make a major difference. The checking
of fingerprints is a bit annoying, but I've seen a program to make a QR code;
that way (if you trust your phone), it gets a whole lot easier to certify people
you know by taking a picture of that QR code with your phone.



[1] Without significant alterations to the existing model, which I was trying to

[2] Okay, it was obvious already before that.

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list