Ian Brown wrote:
The PGP public-key is the principal.
...
I think this is a great way to look at it. Using the public key, its
hash or fingerprint as *the* DN allows all sorts of important
functionality like authorisations.
The major problem with 'key-principal' architectures is the
revocation problem.
When my key is revoked/changed/upgraded/whathaveyou, all bindings
are lost.
If you develop a system that goes around this, then the key is
not the principal...
Just my $0.02
-Pat
---
patr(_at_)xcert(_dot_)com
Public Key available via LDAP
http://www.xcert.com