Ian,
ianG <iang(_at_)iang(_dot_)org> writes:
Context: I'm not saying I want to open up the debate. My context is
that I'm already doing it. In effect <advert> I abandoned OpenPGP 2
years back so that I could build my own PKI to suit my today's
requirements </advert>. To add further flesh to that, PHB is doing
the same. Jon will also have something to say on this, and others...
In short, the reality is that PKIs are evolving around us, so the
question is not whether to do it, it's already happening.
The question is whether to bring it back in house?
I'm not sure why you need to abandon OpenPGP to do this. Me, I'm
building a PKI *using* OpenPGP. It's actually working quite well,
although I wish there were more standard ways to do the things I
need/want to do. But there's definitely enough flexibility in 4880 to
do everything I want/need.
Perhaps what we need is (as already suggested by Jon) a document or set
of documents that define how to do different types of PKI using OpenPGP
data structures.
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp