List: gnupg-users
Subject: Re: Conversion between X509 certificates and gpg keys
From: Florian Weimer <fw () deneb ! enyo ! de>
Date: 2001-02-23 8:41:51
Johan Wevers <johanw@vulcan.xs4all.nl> writes:
> Florian Weimer wrote:
>
> >> I'm asking because I would like to know if gpg keys can be uniquely
> >> converted to them and vice versa.
>
> > Yes, that's possible. However, due to the nature of this process,
> > signatures on key material are not preserved which makes such
> > conversions pretty meaningless.
>
> Not necessarily. If a conversion program can also show if an X509 cert and a
> gpg key have the same data the person who signed the original gpg key can be
> rather certain he can safely sign the X509 in the knowledge that it belongs
> to the same person as the gpg key.

In this scenario, there is no need for a conversion: you can sign
your X.509 key with OpenPGP and that's it. Of course, no automatic
processing is possible, but you won't get this with your approach
either.

> It would IMO be an easy way to export an existing web of trust to your
> certificate, thus avoiding the need of not-so-much trusted third parties.

X.509 does not support arbitrary graphs, only forests consisting of a
limited number of trees, so a conversion loses information.

On the other hand, I have quite a lot of doubts regarding some X.509
implementations (for instance, at least one grants *all*
rights/applications to a certificate if it doesn't limit its rights
itself; this can hardly be considered security practice). I wouldn't
want to work on my private key material with most of them.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
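
The information loss described in the message above (an arbitrary signature graph versus a forest), shown as an added example that is not part of the original message or of any GnuPG or X.509 tool. The key names, the sample signatures and the breadth-first rule for choosing the single issuer are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: OpenPGP certifications as (signer, signed_key) pairs.
# All names are hypothetical.
SIGNATURES = [
    ("alice", "bob"),
    ("bob", "alice"),    # mutual signature: a cycle
    ("carol", "bob"),    # bob has a second, independent certifier
    ("alice", "dave"),
    ("carol", "dave"),
    ("dave", "erin"),
]


def project_to_forest(signatures, roots):
    """Reduce a signature graph to one issuer per key, starting at the roots.

    Breadth-first walk from the root keys: the first certification that
    reaches a key becomes its single issuer edge. Every other certification
    has no place in a one-issuer-per-certificate hierarchy and is dropped.
    Returns (kept_edges, dropped_edges, unreachable_keys).
    """
    outgoing = defaultdict(list)
    keys = set()
    for signer, signed in signatures:
        outgoing[signer].append(signed)
        keys.update((signer, signed))

    issuer = {root: None for root in roots}  # roots act as self-signed CAs
    queue = list(roots)
    kept = []
    while queue:
        signer = queue.pop(0)
        for signed in outgoing[signer]:
            if signed not in issuer:
                issuer[signed] = signer
                kept.append((signer, signed))
                queue.append(signed)

    dropped = [edge for edge in signatures if edge not in kept]
    unreachable = sorted(keys - issuer.keys())
    return kept, dropped, unreachable


if __name__ == "__main__":
    for roots in (["alice"], ["alice", "carol"]):
        kept, dropped, unreachable = project_to_forest(SIGNATURES, roots)
        print(f"roots={roots}: kept {len(kept)}, dropped {len(dropped)}")
        print("  dropped:", dropped, "unreachable:", unreachable)
```

Even with both "alice" and "carol" as roots, half of the sample certifications are dropped, including the second, independent confirmations of "bob" and "dave".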