Terminology - certificate or key ?

Damien Goutte-Gattat dgouttegattat at incenp.org
Thu Sep 29 15:23:35 CEST 2016

On 09/29/2016 12:23 PM, John Lane wrote:
> I was just wondering whether I've misunderstood

No, you understood well. What we commonly call an "OpenPGP public key" 
should really be called, strictly speaking, an "OpenPGP certificate". 
And "signing a key" is really "certifying" the binding between a (true) 
public key and an user ID.

> or if there is some historic reason for my confusion.

It seems there is, according to one of the authors of RFCs 2440 and 
4880. Apparently, at the time they were told by the IETF to avoid 
speaking of "certificates" so that OpenPGP would not seem to rivalize 
with PKIX [1].

Network Associates did not have this concern, and in their "Introduction 
to Cryptography" [2] they clearly talk about "PGP certificates" instead 
of "PGP public keys".


[1] http://www.ietf.org/mail-archive/web/openpgp/current/msg07712.html

[2] ftp://ftp.pgpi.org/pub/pgp/6.5/docs/english/IntroToCrypto.pdf

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160929/2e9bd454/attachment.sig>

More information about the Gnupg-users mailing list