S/MIME and web of trust (was Re: NAI pulls out the DMCA stick)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon May 27 01:11:18 PDT 2002

Eric Murray <ericm at lne.com> writes:

>Additionally, there is nothing that prevents one from issuing certs that can
>be used to sign other certs.  Sure, there are key usage bits etc but its
>possible to ignore them.  It should be possible to create a PGP style web of
>trust using X.509 certs, given an appropriate set of cert extensions.

I proposed some very simple additions to X.509 which would allow you to use the
certs in the same way as PGP keys a year or two back.  Unfortunately the PKIX
WG chair is about as open to PGP-style additions to X.509 as some PGP people
are towards S/MIME.

(You can also do PGP using X.509 certs, I've been doing that for awhile just
 out of sheer bloody-mindedness :-).


More information about the cypherpunks-legacy mailing list