ietf-openpgp

Re: The purpose of this mailing list

1997-09-11 15:54:16
On Thu, 11 Sep 1997, Bonatti Chris wrote:

On Thu, 11 Sep 1997 10:56:06 +0100, Ian Brown wrote:

Here's an ideal opportunity to tie both of these threads
together. A next generation keyserver could store multiple keys
for a user, but be able to specify their preferred one. This
would allow both selection of algorithm and preferred key for
receiving correspondence, while allowing other keys needed to
check signatures etc. to be retrieved if necessary.

This is the best idea yet.  It kills 2 birds with one stone.
This approach would suggest a requirement for certificate
structures.

BTW, I've seen some messages regarding X.509 certificates posted
(both pro and con).  I guess my feeling is that whatever we
develop should be flexible enough to work with a variety of
public key management schemes.  Large organizations are probably

One of my other "stupid PGP tricks" is to convert X.509 to and from PGP
(easier now that X509 has DSS, and maybe DH).  I can't really convert
signatures, but I can move the moduli and other information around.

The keyserver protocol is important since I can then integrate the web of
trust into SSL, or do the converse, get an X509 certificate to act as a
PGP keyring including adding that to the WoT.  In some ways, with a few
tweaks of the WoT model, the CA hierarchy becomes a subset.  So I store a
root key or two (mainly for caching) and then calculate validity based on
what the keyservers say as to who signed who.
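
The validity calculation described in the message above, sketched as an added example (not code from the poster or from any PGP implementation). It assumes a PGP-style rule where one fully trusted or two marginally trusted signers make a key valid; the key names, the signature list, and the `valid_keys` helper are all hypothetical.

```python
from collections import defaultdict

# Constructed sample of "who signed who" as a keyserver might report it:
# (signer, signed key). Every name here is made up for illustration.
SIGNATURES = [
    ("RootCA", "DeptCA"), ("DeptCA", "alice"),  # X.509-style issuer chain
    ("me", "bob"), ("me", "carol"),             # keys I signed myself
    ("bob", "dave"), ("carol", "dave"),         # two marginal introducers
    ("bob", "erin"),                            # only one marginal introducer
    ("mallory", "frank"),                       # signer not reachable from a root
]

FULL, MARGINAL = 2, 1  # a key needs a total score of 2: one full or two marginal
ROOTS = {"me", "RootCA"}  # the locally stored root keys
# Introducer trust assigned locally; keys not listed are never trusted to sign.
TRUST = {"me": FULL, "RootCA": FULL, "DeptCA": FULL,
         "bob": MARGINAL, "carol": MARGINAL}

def valid_keys(signatures, roots, trust, needed=2, max_depth=4):
    """Return {key: chain length from a root} for every key judged valid."""
    signers_of = defaultdict(set)
    for signer, key in signatures:
        signers_of[key].add(signer)
    depth = {root: 0 for root in roots}
    changed = True
    while changed:  # repeat until no further key becomes valid
        changed = False
        for key, signers in signers_of.items():
            if key in depth:
                continue
            # Count only signers that are valid themselves, trusted as
            # introducers, and not already at the depth limit.
            good = [s for s in signers
                    if s in depth and depth[s] < max_depth and trust.get(s, 0)]
            if sum(trust[s] for s in good) >= needed:
                depth[key] = 1 + max(depth[s] for s in good)
                changed = True
    return depth

# Web of trust and CA chain evaluated together from the same signature data.
mixed = valid_keys(SIGNATURES, ROOTS, TRUST)
# The CA hierarchy as a subset: one root, full trust for issuers only.
hierarchy = valid_keys(SIGNATURES, {"RootCA"}, {"RootCA": FULL, "DeptCA": FULL})
```

Setting `max_depth=1` accepts only keys signed directly by a stored root, which is the check to tighten when intermediate issuers should not be able to extend the chain.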