Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Mark H. Wood
On Tue, Feb 04, 2014 at 04:55:56AM +0100, Hauke Laging wrote: [snip] Now my point: Keys can be converted from one format to the other. The fingerprint changes but obviously the keygrip doesn't. I believe it would make a lot of sense to create a connection between gpg and gpgsm and point

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Daniel Kahn Gillmor
On 02/04/2014 09:01 AM, Mark H. Wood wrote: Having said that, you might look at how OpenSSH has included X.509 certificates in its operation. There is precedent for something like what you suggest. fwiw, the answer here is they haven't. Roumen Petrov's X.509 patches remain outside of OpenSSH

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Daniel Kahn Gillmor
On 02/03/2014 10:55 PM, Hauke Laging wrote: This idea came to my mind while I was wondering why several CAs offer free (but rather useless...) certificates for X.509 but not for OpenPGP. Whatever they do with X.509 can be done with OpenPGP, too (e.g. setting an expiration date for the

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Hauke Laging
On Tue 04.02.2014, 11:09:42, Daniel Kahn Gillmor wrote: We have such an indicator format going in the opposite direction (pointing from X.509 to the related OpenPGP cert). In particular, it's the X509v3 extension known as PGPExtension Interesting, I didn't know that. I don't know of a

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Melvin Carvalho
On 4 February 2014 15:47, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: On 02/04/2014 09:01 AM, Mark H. Wood wrote: Having said that, you might look at how OpenSSH has included X.509 certificates in its operation. There is precedent for something like what you suggest. fwiw, the

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Melvin Carvalho
On 4 February 2014 15:47, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: On 02/04/2014 09:01 AM, Mark H. Wood wrote: Having said that, you might look at how OpenSSH has included X.509 certificates in its operation. There is precedent for something like what you suggest. fwiw, the

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Peter Lebbing
On 04/02/14 17:09, Daniel Kahn Gillmor wrote: If there is a public CA that is willing to offer OpenPGP certificates, i would like to know about it (whether they offer them with the same key they use for their X.509 activities or not). FWIW, CACert signs OpenPGP keys of verified people with key

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Werner Koch
On Tue, 4 Feb 2014 17:09, d...@fifthhorseman.net said: I don't know of a formalized way to do the other mapping, but it seems like it would be pretty straightforward to embed the full X.509 certificate in a notation packet on a self-sig (presumably a self-sig PGP does this. IIRC, Hal Finney

Re: MUA automatically signs keys?

2014-02-04 Thread MFPA
Hi On Friday 31 January 2014 at 9:24:17 AM, in mid:20140131092417.6515e1b0@steves-laptop, Steve Jones wrote: Well the conventions of use, for example the key signing party protocol, requires photographic id. If I publicly sign a key it has

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Hauke Laging
On Tue 04.02.2014, 19:38:07, Peter Lebbing wrote: And CACert still isn't in the default trusted root bundle on quite some systems, I believe. And will probably never be. extending the trust in that broken model to OpenPGP That is not what I suggest. You can assign certification trust to

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Hauke Laging
On Tue 04.02.2014, 21:05:10, Werner Koch wrote: On Tue, 4 Feb 2014 17:09, d...@fifthhorseman.net said: I don't know of a formalized way to do the other mapping, but it seems like it would be pretty straightforward to embed the full X.509 certificate in a notation packet on a self-sig

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Daniel Kahn Gillmor
On 02/04/2014 12:36 PM, Hauke Laging wrote: I don't know of a formalized way to do the other mapping, but it seems like it would be pretty straightforward to embed the full X.509 certificate in a notation packet Why wouldn't the fingerprint and the DN not be enough? The whole approach is