On Sun, 20 Jun 2010 02:50:41 +0100, MFPA <expires2...@ymail.com> wrote:
> > So in order to be safe you need additional CPU load
> > either for TLS or for signing. Signing is superior IMHO
> > because it allows reuse of the data (one crypto action
> > (covering less data) for several users vs. one for each
> > user with TLS) and makes more sense because you don't
> > need a second crypto system (X.509) to protect the
> > first (OpenPGP).
>
> Starting from where we are now, as far as I know there are no
> keyservers that sign their output, but there are keyservers that use
> TLS.
>
> And TLS does not have to be x.590. There is a draft spec for using
> openpgp keys with TLS http://tools.ietf.org/search/rfc5081 which is
> implemented in the GnuTLS library
> http://www.gnu.org/software/gnutls/gnutls.html

This is turning into a separate thread, but while we're on it, I just wanted to point out that the Monkeysphere Project [0] currently provides a means for doing OpenPGP-based site authentication/encryption over TLS, and has discussed building a gpg plugin that can do OpenPGP validation of hkps keyserver queries:

https://labs.riseup.net/code/issues/2016

jamie.

[0] http://web.monkeysphere.info/

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users