ietf-openpgp

Re: Status of RFC2440

2004-10-20 19:01:08


I'd like to write my comments.

"X.509 is a standard". It is true because we have no alternative
choice for CA service in OpenPGP. It is hard to make an OpenPGP CA
service because there is no trust model with a certificate authority in
OpenPGP.

The current version of the "Web of Trust" is not effective for
trustworthiness. See the "Web of Trust" in the Debian project. It looks
like "autograph please", "I have more autographs than you".

But the "Web of Trust" model is a very flexible way and it has the potential to
make an OpenPGP-based CA model. I understand that an OpenPGP-based CA
service must be there also.

Please note that an OpenPGP-based CA service must be not only for the business
domain but also for the community domain. Organizations, companies, schools,
classes, projects and communities of any size may have their own CA.  It
should be compared with "Student ID", "Member ID" and "Backstage
ID". It should not be compared with "Passport ID", "Nation ID" and
"Social ID". Fair identification is necessary for our life.

Today, X.509 with OpenPGP is a practical solution, but the ultimate solution
is to make OpenPGP's "Web of Trust" model with a certificate authority
for our community.  X.509 is OK but I'd like to seek "something
new for OpenPGP".

I have a plan to make a "Trusted Public Keyserver" that can provide
public keys that their owners have allowed to be made public. Many public keys on
public keyservers have garbage signatures, and many OpenPGP users put
their "please use this" public key on their web site, not on a public
keyserver. OpenPKSD-TPK will be my answer. After finishing this plan, I'd like
to design a "Trust model with OpenPGP based CA" and to implement it.

I believe that diversity is required to survive; it is not the first
step to chaos.

Regards,


--- 
Hironobu SUZUKI  (From Japan)
E-Mail: hironobu @ h2np.net
URL: http://h2np.net
URL: http://openpksd.org

