[JDEV] PGP / Public Key retrieval
Bernd Eckenfels
lists at lina.inka.de
Wed Oct 11 16:37:22 CDT 2000
On Tue, Oct 10, 2000 at 09:18:13PM -0500, mark at mjwilcox.com wrote:
> Problems of CA's in general aside, the bigger issue is using PGP.
> PGP is a great system, but how are you going to get people to
> sign up with existing PGP key servers?
Fetching ans Storing Keys on PGP Key Servers is done by the Software
automatically. PGP Keyservers scale quite well. I don't see a problem with
this. And there is no problem on using a CA with PGP Keys. Just get your PGP
Key signed by a commercial CA and you are done.
> MS monopoly of the 21st century), where I can go, give them $20
> and my credit card number & presto I have a digital certificate
> which I can use to authenticate to Web sites, sign email, and
> perhaps even sign Jabber.
But why should we support a monopolist when we can do without? There is no
added security in a Versign class 1 Certificate compared to a PGP
Certificate, so why should we use it?
On the other hand I agree that it might be a good idea to go with X.509
Crtificates, since a lot of company owns Certification Infrastructures
already support them. But since PGP is heading that way anyway I dont see a
problem with it.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels at Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes at irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
More information about the JDev
mailing list