Re: [openpgp] Opening up the debate on PKI / WoT / future of OpenPGP
2015-04-24 18:58:39On Fri, 2015-04-24 at 15:51 -0400, Phillip Hallam-Baker wrote:
Neither PKIX nor OpenPGP really provide the end user with the full set of tools needed to do comprehensive key management. The PKIX model is that the user does not have a persistent key history at all, the CA is the only party managing this. OpenPGP takes the UNIX/C attitude of give the users a sharp knife and blame them when they cut themselves.
You can have a CA model in OpenPGP as well, actually it's very simple by using trust signatures. Just found some "CA keys", sign them with an unlimited trust-sig, any you'll believe whatever they sell you. Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openpgp mailing list openpgp(_at_)ietf(_dot_)org https://www.ietf.org/mailman/listinfo/openpgp
| Previous by Date: | Re: [openpgp] rfc3880bis - hard expiration time (was: details of 4880bis work), Christoph Anton Mitterer |
|---|---|
| Next by Date: | Re: [openpgp] Fingerprints, Christoph Anton Mitterer |
| Previous by Thread: | Re: [openpgp] Opening up the debate on PKI / WoT / future of OpenPGP, Phillip Hallam-Baker |
| Next by Thread: | Re: [openpgp] Opening up the debate on PKI / WoT / future of OpenPGP, Ben McGinnes |
| Indexes: | [Date] [Thread] [Top] [All Lists] |