ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Opening up the debate on PKI / WoT / future of OpenPGP

2015-04-20 10:22:42
Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> writes:

Looking forward, I want to eventually get to one PKI which combines
Web of Trust and Hierarchical concepts. I think I can demonstrate
mathematically that it is possible to achieve a higher work factor
that way than with either approach on its own. There are use cases
that I cannot satisfy with one or the other.

I'll note you can do that, today, with OpenPGP.  You run a CA -- start
signing OpenPGP keys with your CA Key.  Boom.  You're done.

There are some features of a new PKI that I think are fairly obvious.
It is clear for example that the energy will come from the OpenPGP
world. It is also clear that ASN.1 is as popular as a dose of ebola
and there must be no new ASN.1.

But if we do have to do a lot of new stuff, I want to go to JSON
rather than trying to muck about trying to extend the 1990s style
structures.

I don't see what "new stuff" really needs to be done.

Seriously, please tell me what (other than Name Constraints) OpenPGP is
missing in order to support your concept of a PKI?  (And I'll note that
even NC can be done in OpenPGP via notations)

-derek

-- 
       Derek Atkins                 617-623-3745
       derek(_at_)ihtfp(_dot_)com             www.ihtfp.com
       Computer and Internet Security Consultant

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>