ietf-openpgp

Re: The purpose of this mailing list

1997-09-15 08:56:28
Jon Callas <jon(_at_)pgp(_dot_)com> writes:

The biggest advantage of a PGP cert has is the way that it is "agile" as
I've heard some people call it. If you want to look at how you fit PGP into
a world that thinks names are important, you can use an email address as a
DN. If you want to use PGP in a name where keys are important, use the
fingerprint (or key proper) as a DN. No biggie. In fact, one of the central
points of the way the web of trust is organized relates directly to
resolving this apparent dichotomy. The PGP software, since its earliest
days, manages this apparent dichotomy. The beauty of PGP as a PKI is that
it can easily bridge an X.509-like, name-centric world to a SPKI-like,
key-centric world.

I see one problem with this approach, and that is in looking up keys.
If we use the email address as the DN, then DNS will make an excellent
mechanism for looking up keys.  Of course, email addresses have
certain problems as DNs, as Carl will point out if I don't.  If we
think of the key as the DN, then we avoid those problems, but create a
different one: given a signature, how do I find the key to use to
verify it?  Past solutions are to carry certs around within every
message, which is inefficient, or to have a global index, which
doesn't scale.

We need to solve this problem.  One option which comes to mind is to
include a "domain name" for a pgp cert RR with the message instead
of the cert itself; this does not need to be signed, as the message
verification will fail if it is modified.  Unfortunately, this has the
problem that cert domain names may change or go away, making
verification in the future difficult unless a long-term cert cache is
kept near the message.

                Marc