On Mon, 12 Dec 2005 10:59:05 -0600, Travis H said: > Not to side track the discussion, but frequently I've heard PKI > compared to PGP's model. Isn't PGP's trust model the same as everyone > being their own CA?
You need to clarify the trust model. The OpenPGP standard does not define any trust model at all. The standard merely defines fatures useful to implement a trust model. AFAIK, PGP provides two different trust models; with GnuPG you may also select between 4 trust models. However this is implementation specific and not part of the standard. The "classic" web of trust is just the commonly used one. It is a pity that many commonly used mail programs don't even make use of any real trust model but use the "always" trust model. The newer trust model "pgp" makes use of the advanced OpenPGP features and allows implementing a hierarchical model very similar to the X.509 one. In fact it is a superset of the X.509 model. Salam-Shalom, Werner --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
