[JDEV] PGP / Public Key retrieval

Bernd Eckenfels lists at lina.inka.de
Wed Oct 11 16:37:22 CDT 2000

On Tue, Oct 10, 2000 at 09:18:13PM -0500, mark at mjwilcox.com wrote:
> Problems of CA's in general aside, the bigger issue is using PGP. 
> PGP is a great system, but how are you going to get people to 
> sign up with existing PGP key servers?

Fetching ans Storing Keys on PGP Key Servers is done by the Software
automatically. PGP Keyservers scale quite well. I don't see a problem with
this. And there is no problem on using a CA with PGP Keys. Just get your PGP
Key signed by a commercial CA and you are done.

> MS monopoly of the 21st century), where I can go, give them $20 
> and my credit card number & presto I have a digital certificate 
> which I can use to authenticate to Web sites, sign email, and 
> perhaps even sign Jabber.

But why should we support a monopolist when we can do without? There is no
added security in a Versign class 1 Certificate compared to a PGP
Certificate, so why should we use it?

On the other hand I agree that it might be a good idea to go with X.509
Crtificates, since a lot of company owns Certification Infrastructures
already support them. But since PGP is heading that way anyway I dont see a
problem with it.

  (OO)      -- Bernd_Eckenfels at Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes at irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

More information about the JDev mailing list