On 07/12/2016 00:27, Andrew Gallagher wrote:
> I don't see any reason why it couldn't be done in principle - anyone who
> wants could set up an "authority" that produces a regular, signed list of all
> the certificates it currently trusts at each point in time. The trick is a)
> making sure that revocations get submitted to the authority in a timely
> fashion and b) working out whether to trust the authority in the first place.
> But that's a problem in OCSP too.

The "stapling" part is the hardest, since with OCSP usually you need to verify that something is valid "now", while with a GPG signature you should be able to attest that something will be valid "forever". The only way to obtain that (I can think of, and assuming no online verification: online services come & go...) is having at least three different kinds of keys (RSA, EC, PQ) sign at least three different hash function results *each*, so that even if an algorithm or two gets cracked the signature remains valid.
> In general, anything you can do in the X509 trust model you can do in PGP -
> but with a little more effort and a lot fewer default assumptions.

That's good: this way most "implicit assumptions" must be made explicit and their security impact must be evaluated.

BYtE,
Diego

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
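The multi-key, multi-hash scheme Diego sketches above, as an added example written for this page rather than code from the thread or from GnuPG. It uses only Go's standard library: RSA-PSS, ECDSA P-256 and Ed25519 each sign the SHA-256, SHA-384 and SHA-512 digests of the same message (nine signatures), and the verifier counts only those pairs whose key algorithm and hash it still trusts. Go's standard library has no post-quantum signature, so Ed25519 stands in for the "PQ" slot; that substitution, the "keyalg/hashalg" naming and the `broken` policy map are assumptions of this example, not anything the message specifies.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/sha512"
	"errors"
	"hash"
)

// HashAlg names one digest function; ID lets RSA-PSS size its mask generation.
type HashAlg struct {
	Name string
	ID   crypto.Hash
	New  func() hash.Hash
}

// Signer wraps one key family; both closures take an already computed digest.
type Signer struct {
	Name   string
	Sign   func(h crypto.Hash, digest []byte) ([]byte, error)
	Verify func(h crypto.Hash, digest, sig []byte) bool
}

// Bundle holds the message plus one signature per "keyalg/hashalg" pair (example naming).
type Bundle struct{ Message []byte; Sigs map[string][]byte }

func digestOf(h HashAlg, msg []byte) []byte {
	d := h.New()
	d.Write(msg)
	return d.Sum(nil)
}

// SignBundle signs digest(msg) once per (signer, hash) pair: 3 x 3 = 9 signatures.
func SignBundle(msg []byte, signers []Signer, hashes []HashAlg) (Bundle, error) {
	b := Bundle{Message: msg, Sigs: map[string][]byte{}}
	for _, s := range signers {
		for _, h := range hashes {
			sig, err := s.Sign(h.ID, digestOf(h, msg))
			if err != nil {
				return Bundle{}, err
			}
			b.Sigs[s.Name+"/"+h.Name] = sig
		}
	}
	return b, nil
}

// VerifyBundle applies the verifier's policy at verification time: `broken` names
// the key and hash algorithms it no longer trusts. A pair counts only if both are
// trusted and the signature checks; the bundle is valid while the count is >= 1.
func VerifyBundle(b Bundle, signers []Signer, hashes []HashAlg, broken map[string]bool) int {
	valid := 0
	for _, s := range signers {
		for _, h := range hashes {
			sig, present := b.Sigs[s.Name+"/"+h.Name]
			if !present || broken[s.Name] || broken[h.Name] {
				continue // missing or distrusted pair: ignored, not a failure
			}
			if s.Verify(h.ID, digestOf(h, b.Message), sig) {
				valid++
			}
		}
	}
	return valid
}

// GenerateSigners makes fresh RSA-2048, ECDSA P-256 and Ed25519 keys. Ed25519 fills
// the third slot because the standard library has no PQ signature (assumption).
func GenerateSigners() ([]Signer, error) {
	rsaKey, err1 := rsa.GenerateKey(rand.Reader, 2048)
	ecKey, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	edPub, edPriv, err3 := ed25519.GenerateKey(rand.Reader)
	if err := errors.Join(err1, err2, err3); err != nil {
		return nil, err
	}
	return []Signer{
		{Name: "rsa-pss", Sign: func(h crypto.Hash, d []byte) ([]byte, error) { return rsa.SignPSS(rand.Reader, rsaKey, h, d, nil) },
			Verify: func(h crypto.Hash, d, sig []byte) bool { return rsa.VerifyPSS(&rsaKey.PublicKey, h, d, sig, nil) == nil }},
		{Name: "ecdsa-p256", Sign: func(_ crypto.Hash, d []byte) ([]byte, error) { return ecdsa.SignASN1(rand.Reader, ecKey, d) },
			Verify: func(_ crypto.Hash, d, sig []byte) bool { return ecdsa.VerifyASN1(&ecKey.PublicKey, d, sig) }},
		{Name: "ed25519", Sign: func(_ crypto.Hash, d []byte) ([]byte, error) { return ed25519.Sign(edPriv, d), nil },
			Verify: func(_ crypto.Hash, d, sig []byte) bool { return ed25519.Verify(edPub, d, sig) }},
	}, nil
}

// Hashes lists three digests. SHA-384 and SHA-512 share a compression function,
// so a real deployment should mix families (e.g. SHA-2 and SHA-3).
var Hashes = []HashAlg{
	{"sha256", crypto.SHA256, sha256.New},
	{"sha384", crypto.SHA384, sha512.New384},
	{"sha512", crypto.SHA512, sha512.New},
}
```

Two things the example makes visible. First, "remains valid after a break" is a property of the verifier's policy, not of the bytes: the bundle survives the loss of RSA and SHA-256 only because the verifier puts them in `broken` and still finds four trusted pairs that check. Second, an "any one pair suffices" policy trades forgery resistance for longevity: a verifier that has not yet distrusted a broken algorithm will accept a signature forged under it, whereas an "all pairs must verify" policy resists that forgery but fails the moment any single algorithm is deprecated. Which rule to apply, and when to move an algorithm into `broken`, is exactly the judgement the offline "forever" model pushes onto the verifier.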