S/MIME and web of trust (was Re: NAI pulls out the DMCA stick)
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon May 27 01:11:18 PDT 2002
Eric Murray <ericm at lne.com> writes:
>Additionally, there is nothing that prevents one from issuing certs that can
>be used to sign other certs. Sure, there are key usage bits etc but its
>possible to ignore them. It should be possible to create a PGP style web of
>trust using X.509 certs, given an appropriate set of cert extensions.
I proposed some very simple additions to X.509 which would allow you to use the
certs in the same way as PGP keys a year or two back. Unfortunately the PKIX
WG chair is about as open to PGP-style additions to X.509 as some PGP people
are towards S/MIME.
(You can also do PGP using X.509 certs, I've been doing that for awhile just
out of sheer bloody-mindedness :-).
Peter.
More information about the cypherpunks-legacy
mailing list