From: Charles Breed <cbreed(_at_)pgp(_dot_)com>
[...]
OTOH, I'll take my VeriSign class 1 X.509 cert, Serial Number
159e8f93015f3d8b608d1e6f5bfaaf1f, Validity Start: 01/29/1997 and extract the
public key material and relevant data onto a PGP key ring. I provide you with
the 'key'/ certificate after import. (This is all experimental, no commitment
to this feature is being made here)
Thanks for the information - I'll definitely have a look at the web site.
But the proposed exercise does not address the question I raised.
You answered the question:
"given an X.509 cert, is it possible to extract the subset of
information used by PGP and import it into a PGP cert."
I agree that this is possible, probably even trivial.
The questions I wanted answers to were:
"given a set of operational requirements that X.509 was designed to
address, can that *entire* set of requirements be supported by
PGP-format certs?",
and conversely, "can the *entire* set of PGP operational requirements
be encoded into X.509-format certs?". I believe the answer to the
first question is "no", and the second is "yes", but would certainly
welcome evidence to the contrary as an opportunity to improve the PKIX
profile.
In other words, S/MIME may be used to support a wide range of users and
policies. X.509 certs can easily support web-of-trust models by
appropriate choice of DNs (just use a single RDN to hold the subject's
name or email address) and by ignoring naming constraints.
But can PGP certificates support mechanically enforced heirarchical trust
with the equivalent of X.509's nameConstraints extension (which specifies
a subset of the namespace which an issuer is trusted to certify).
More esoterically, can PGP certificates support user examination of
issuer policies with equivalents to X.509's certificatePolicies,
policyConstraints, and authorityInfoAccess extensions? These extensions
are not currently widely used, but they were defined in response to a
very real need for users to know how much to trust a given certificate.
As the market matures (i.e. after the first PKIX RFC is issued :-) use
of these extensions will become more commonplace.
Even more esoterically, can PGP certificates support mappings between
different issuers' policies? This might only be of interest to national
governments, but I suspect that it would also be useful for the
auto industry, for example, to be able to map it's notions of
information categories and assurance policies to that of the banking
industry. Or to be able to automatically determine that a Verisign
Class 3 cert is roughly equivalent in strength to a GTE "class xyzzy"
cert.
Under the assumption that the S/MIME protocol should support the needs
of the entire community of email users, but that the security overhead
of S/MIME software should be minimized by standardizing on a single
certificate format, what should that format be?