Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Mark H. Wood
On Tue, Feb 04, 2014 at 04:55:56AM +0100, Hauke Laging wrote: [snip] > Now my point: Keys can be converted from one format to the other. The > fingerprint changes but obviously the keygrip doesn't. I believe it > would make a lot of sense to create a connection between gpg and gpgsm > and point

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Daniel Kahn Gillmor
On 02/04/2014 09:01 AM, Mark H. Wood wrote: > Having said that, you might look at how OpenSSH has included X.509 > certificates in its operation. There is precedent for something like > what you suggest. fwiw, the answer here is "they haven't". Roumen Petrov's X.509 patches remain outside of Ope

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Daniel Kahn Gillmor
On 02/03/2014 10:55 PM, Hauke Laging wrote: > This idea came to my mind while I was wondering why several CAs offer > free (but rather useless...) certificates for X.509 but not for OpenPGP. > Whatever they do with X.509 can be done with OpenPGP, too (e.g. setting > an expiration date for the si

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Hauke Laging
On Tue 04.02.2014, 11:09:42, Daniel Kahn Gillmor wrote: > We have such an indicator format going in the opposite direction > (pointing from X.509 to the related OpenPGP cert). In particular, > it's the X509v3 extension known as PGPExtension Interesting, I didn't know that. > I don't know of a

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Melvin Carvalho
On 4 February 2014 15:47, Daniel Kahn Gillmor wrote: > On 02/04/2014 09:01 AM, Mark H. Wood wrote: > > Having said that, you might look at how OpenSSH has included X.509 > > certificates in its operation. There is precedent for something like > > what you suggest. > > fwiw, the answer here is "t

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Melvin Carvalho
On 4 February 2014 15:47, Daniel Kahn Gillmor wrote: > On 02/04/2014 09:01 AM, Mark H. Wood wrote: > > Having said that, you might look at how OpenSSH has included X.509 > > certificates in its operation. There is precedent for something like > > what you suggest. > > fwiw, the answer here is "t

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Peter Lebbing
On 04/02/14 17:09, Daniel Kahn Gillmor wrote: > If there is a public CA that is willing to offer OpenPGP certificates, i > would like to know about it (whether they offer them with the same key they > use for their X.509 activities or not). FWIW, CACert signs OpenPGP keys of verified people with k

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Werner Koch
On Tue, 4 Feb 2014 17:09, d...@fifthhorseman.net said: > I don't know of a formalized way to do the other mapping, but it seems > like it would be pretty straightforward to embed the full X.509 > certificate in a notation packet on a self-sig (presumably a self-sig PGP does this. IIRC, Hal Finn

Re: MUA "automatically signs keys"?

2014-02-04 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Friday 31 January 2014 at 9:24:17 AM, in , Steve Jones wrote: > Well the conventions of use, for example the key > signing party protocol, requires photographic id. If I > publicly sign a key it has to be in line with how I > expect others

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Hauke Laging
On Tue 04.02.2014, 19:38:07, Peter Lebbing wrote: > And CACert still isn't in the default > trusted root bundle on quite some systems, I believe. And will probably "never" be. > extending the trust in that broken model to OpenPGP That is not what I suggest. You can assign certification trust t

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Hauke Laging
On Tue 04.02.2014, 21:05:10, Werner Koch wrote: > On Tue, 4 Feb 2014 17:09, d...@fifthhorseman.net said: > > I don't know of a formalized way to do the other mapping, but it > > seems like it would be pretty straightforward to embed the full > > X.509 certificate in a notation packet on a self-sig

Re: making the X.509 infrastructure available for OpenPGP

2014-02-04 Thread Daniel Kahn Gillmor
On 02/04/2014 12:36 PM, Hauke Laging wrote: >> I don't know of a formalized way to do the other mapping, but it seems >> like it would be pretty straightforward to embed the full X.509 >> certificate in a notation packet > > Why wouldn't the fingerprint and the DN not be enough? The whole > appro