Hi,
I can't comment on TLS specific things but here are a few minor
things:
> 1. Introduction
> [...]
> OpenPGP keys (sometimes called OpenPGP certificates), provide
> security services for electronic communications. They are widely
> deployed, especially in electronic mail applications, provide public
> key authentication services, allow distributed key management and can
> be used with a non-hierarchical trust model called the "web of trust"
> [WOT].
Because OpenPGP does not define any trust model, a wording like

    ... and allows the use in non-hierarchical trust models, for
    example the "Web of Trust" [WOT].

seems better to me.
> [...]
> 2.3. Server Certificate
> [...]
> DHE_RSA    RSA public key which can be used for
>            signing.
Shouldn't this say: "RSA public key which can be used for
authentication"? Recall that OpenPGP features a key flag to indicate
an authentication key (0x20).
> [...]
> 3. Security Considerations
> As with X.509 ASN.1 formatted keys, OpenPGP keys need specialized
> parsers. Care must be taken to make those parsers safe against
> maliciously modified keys, that could cause arbitrary code execution.
That is superfluous, as this is (or, well, should be) standard
programming practice. It is in no way special to TLS or OpenPGP.
Salam-Shalom,
Werner
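An added example, not part of Werner's mail or of the draft, tying the two points above together: it decodes the OpenPGP Key Flags subpacket (RFC 4880 section 5.2.3.21, where 0x20 marks an authentication key) from a signature subpacket area, and it checks every attacker-controlled length octet against the real buffer before reading, which is the kind of parser care the Security Considerations text asks for. The sample subpacket area is constructed here; names such as `key_flags` and `is_malformed` are this example's own.

```python
KEY_FLAGS_SUBPACKET = 27  # RFC 4880 section 5.2.3.21, Key Flags subpacket type
KEY_FLAG_NAMES = {0x01: "certify", 0x02: "sign", 0x04: "encrypt-communications",
                  0x08: "encrypt-storage", 0x10: "split-key", 0x20: "authentication",
                  0x80: "group-key"}

def read_subpacket_length(buf: bytes, pos: int) -> tuple:
    """Decode the 1-, 2- or 5-octet subpacket length at pos; return (length, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated subpacket length")
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        if pos + 2 > len(buf):
            raise ValueError("truncated 2-octet length")
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if pos + 5 > len(buf):
        raise ValueError("truncated 5-octet length")
    return int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5

def parse_subpackets(area: bytes) -> list:
    """Split a signature subpacket area into (type, body) pairs without overrunning it."""
    out, pos = [], 0
    while pos < len(area):
        length, pos = read_subpacket_length(area, pos)
        # The length field is attacker-controlled: check it against the real buffer.
        if length == 0 or pos + length > len(area):
            raise ValueError("subpacket length exceeds area")
        ptype = area[pos] & 0x7F  # bit 7 is the 'critical' flag, not part of the type
        out.append((ptype, area[pos + 1:pos + length]))
        pos += length
    return out

def key_flags(area: bytes) -> set:
    """Names of the bits set in the first octet of Key Flags (0x20 = authentication)."""
    for ptype, body in parse_subpackets(area):
        if ptype == KEY_FLAGS_SUBPACKET and body:
            return {name for bit, name in KEY_FLAG_NAMES.items() if body[0] & bit}
    return set()

def is_malformed(area: bytes) -> bool:
    """True when the area cannot be parsed without reading past its end."""
    try:
        parse_subpackets(area)
        return False
    except ValueError:
        return True

# Constructed sample: creation-time subpacket (type 2, 4 octets), then Key Flags 0x22 = sign | authentication
SAMPLE_AREA = bytes([5, 2, 0x5F, 0, 0, 0, 2, 27, 0x22])
```

A key whose flags lack the 0x20 bit is not marked for authentication, whatever its signing capability, which is the distinction the table wording question is about.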