Zeljko Vrba wrote:
> Alphax wrote:
>
>> Zeljko Vrba wrote:
>>
>>> Joe Smith wrote:
>>>
>>>
>>>> For example, your CA can revoke your key leaving you with one key that
>>>> is invalid X.509, but valid OpenPGP? Yuck!
>>>>
>>>
>>> Using the X.509 cert and OpenPGP public key (having the same private
>>> key) could be useful in the following scenario:
>>>
>>
>> Is that even allowed??
>>
> In what sense allowed? PKCS#11 knows nothing about policies.. It just
> exposes a set of objects on the card (certificate, public and private
> keys and maybe some other data objects along with certificates).
>
In terms of using the same generic public/private keypair... how does
that work?

> The application is free to do whatever it wants with these objects,
> given sufficient authentication to the card (PIN). Technically, there is
> nothing the CA can do to prevent you from using your X.509 keys as OpenPGP keys.

I think I might have seen something like that with a Thawte Freemail
root certificate or something... it wasn't pretty :(

(eh, I think I just answered my own question, but I still don't "get it"...)

-- 
              Alphax              |   /"\
    Encrypted Email Preferred     |   \ /  ASCII Ribbon Campaign
   OpenPGP key ID: 0xF874C613     |    X   Against HTML email & vCards
    http://tinyurl.com/cc9up      |   / \
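On the "how does that work?" question in the message above, an added example (not part of the original thread and not GnuPG code): the same RSA public numbers wrapped once as an X.509 SubjectPublicKeyInfo and once as an OpenPGP v4 key packet with its fingerprint. The modulus is a constructed toy value and the creation timestamps are arbitrary.

```python
import hashlib
import struct

# Constructed toy RSA public numbers (far too small for real use).
N = (2**127 - 1) * (2**89 - 1)
E = 65537

def der(tag, body):
    """Encode one DER TLV (short or long definite length)."""
    ln = len(body)
    if ln < 0x80:
        head = bytes([ln])
    else:
        raw = ln.to_bytes((ln.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def der_int(v):
    # DER INTEGER is signed: the extra byte keeps a set top bit positive.
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def x509_spki(n, e):
    """SubjectPublicKeyInfo as carried inside an X.509 certificate."""
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
    rsa_pub = der(0x30, der_int(n) + der_int(e))
    return der(0x30, alg + der(0x03, b"\x00" + rsa_pub))

def mpi(v):
    """OpenPGP multiprecision integer: 16-bit bit count, then magnitude."""
    return struct.pack(">H", v.bit_length()) + v.to_bytes((v.bit_length() + 7) // 8, "big")

def openpgp_v4_fingerprint(n, e, created):
    """RFC 4880 v4 fingerprint: SHA-1 over 0x99, length, key packet body."""
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()

if __name__ == "__main__":
    print("SPKI DER       :", x509_spki(N, E).hex())
    # Same numbers, two creation times: two distinct OpenPGP keys.
    for created in (1136073600, 1136160000):  # arbitrary timestamps
        print("OpenPGP v4 fpr :", openpgp_v4_fingerprint(N, E, created))
```

Neither wrapper refers to the other: the OpenPGP fingerprint covers only the creation time and the key numbers, while a CA revocation names a certificate by issuer and serial number, which never enter the OpenPGP packet.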