-----BEGIN PGP SIGNED MESSAGE-----
At 14:37 09-07-1997 -0400, David P. Kemp wrote:
The questions I wanted answers to were:
"given a set of operational requirements that X.509 was designed to
address, can that *entire* set of requirements be supported by
PGP-format certs?",
and conversely, "can the *entire* set of PGP operational requirements
be encoded into X.509-format certs?". I believe the answer to the
first question is "no", and the second is "yes", but would certainly
welcome evidence to the contrary as an opportunity to improve the PKIX
profile.
Assuming, for the sake of argument that you are correct, X.509 certs are the
way to go. PGP is widely deployed, and the source is available, but the
X.509 specs are available too. The ability to support expiration and other
features is becoming more important as encryption and authentication become
more common.
PGP's certificate format does not support these advanced features. It can
probably be upgraded to support X.509 and still keep backwards
compatibility. Any PGP programmer types care to comment?
The goal for this group is to come up with the best standard possible. I
believe that X.509 cert standards are a key to reaching that goal.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: cp850
Comment: Anthony E. Greene <agreene(_at_)pobox(_dot_)com> pub 1083 0x78cd4329
iQCdAwUBM8PewURUP9V4zUMpAQGqGwQ5AXpf67VdN0skQKpS7uJygmqiXyw3U3VG
eUlLoJcruz5hxo28fzYSc9nYr95Mj0DK5i1+aYEExjZY9KpTsLISficOgjmGzq2f
loj3s2Y1VT/LPXGaiUwG30zn8lAYk+0Ok1E/O+FXVhSxCEG6kj2F9W12WFqrWlyT
XeD4XpNsvA356CMui5W6mA==
=CLD1
-----END PGP SIGNATURE-----
============================================================
Anthony E. Greene <agreene(_at_)pobox(_dot_)com>
Use PGP -- Envelopes and Signatures for Email
My PGP Key: <http://www.pobox.com/~agreene/pgp/agreene.key>
Freeware Win95 PGP: <http://web.mit.edu/network/pgp.html>
PGP FAQ: <http://www.pgp.net/pgpnet/pgp-faq/>
============================================================