Ian Grigg <iang(_at_)systemics(_dot_)com> writes:
Jon Callas wrote:
I've been asked to speak at an Identity
conference and while I was musing on the
unsuitability of x.509/PKI for identity,
it occurred to me that one of the barriers
is that OpenPGP is not a standard, whereas
x.509 is.
Huh? OpenPGP isn't a standard? How?
Specifically (bearing in mind the emphasis
outlined below on mindspace) we lack the completed
RFC. That will be a big help.
Uhh, define "completed RFC". RFC2440 is completed, has been for
several years. It's also an RFC. It will always be an RFC. RFC2440
will never change!
<chair-hat>
There's the ongoing rfc2440bis work, which will hopefully complete
soon and get turned into a new RFC with a new RFC number and will
obsolete RFCs 1991 and 2440. But that does not obviate the fact that
RFC 2440 is a published Proposed Standard on OpenPGP.
</chair-hat>
So, your statement that "OpenPGP is not a standard" is clearly
incorrect.
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant