List: pgp-keyserver-folk
Subject: Re: PGP kerserver infrastructure
From: Michael Helm <helm () fionn ! es ! net>
Date: 2000-06-30 21:47:23
"L. Sassaman" writes:
> X.509 is a much older and cruftier standard. PGP is recognised by most to
> be the superior method for handling email and file encryption and signing.
> X.509 is designed to satisfy situations where there is a complex hierarchy
> in an X.500 setting.
I don't know about the first claim; PGP certainly developed partly
in response to PEM, which was based on hierarchies. Which standard is better
I think is up to customers to decide.
X.509 really has nothing to do with hierarchies. This is a misunderstanding
probably based on where it came to most people's attention: the PEM
RFCs, especially RFC 1422. This RFC & the PEM proposal had a hierarchical
data model which never came to pass. I think that if you ask Stephen
Kent today you'll get a pretty clear explanation of why X509 != hierarchies.
Even X.500 does not require much of a hierarchy; it's the implementation
& data model for the world-wide DIT that required one.
Obviously X.509 certificates are a whole lot happier in rigid hierarchies
than webs of signed PGP keys.
> Note, also, that it is extremely easy to bind an X.509 certificate to an
> OpenPGP key, for instances where X.509 is necessary. You can also have
> multiple X.509 certificates bound to one OpenPGP key, all sharing the same
> key material. Much more convenient.
I think this glacially slow movement towards interoperability is
a real value center. If we could sign & encrypt information &
not have to worry whether the recipient believes in one god, three,
or a million, that would be useful. The moral of this is that a
future keyserver that could interoperate with x509 certificate
infrastructures lurking in the neighborhood could also be a good thing.