[gnutls-dev] OpenPGP security for web servers, again

John Belmonte john at neggie.net
Tue Feb 3 20:20:09 CET 2004

I've always been frustrated with the lack of PGP support for HTTP.  Why, 
  when the people I need to grant access to my web site all have PGP 
keys, do I have to deal with weak authentication schemes, forcing users 
to remember  new passwords, and the poorly-designed X.509 system?

I was surprised to find out that in 1995 the NCSA HTTP server and 
browser already had PGP support [1].  It was removed due to now-defunct 
export laws of the U.S.

When will such functionality ever be returned to the most popular free 
HTTP server and browser?  It seems that with opencdk and the unique 
OpenPGP  support in gnutls being under the GPL, we'll never see this 
support put into Apache.  Does the new Apache license change the situation?

-John Belmonte

[1] http://hoohoo.ncsa.uiuc.edu/docs/PEMPGP.html

More information about the Gnutls-devel mailing list