[Security] PGP (XEP-0027)

Stephen Paul Weber singpolyma at singpolyma.net
Tue Jun 2 12:02:12 CDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Somebody signing messages as Peter Saint-Andre wrote:
> As I understood it, we were thinking that clients would generate a
> simple key (not PGP) for use in session security. That key could be
> signed with an OpenPGP key or X.509 cert if the user has such a beast,
> but we would not introduce a dependency on OpenPGP or X.509.

Instead you would introduce a dependency on some new key format of your
invention? This does not seem to be a win.  The benefit of supporting
OpenPGP and X.509 keys is the formats are already standardised, well
understood and supported, and widely depolyed.

- -- 
Stephen Paul Weber, @singpolyma
Please see <http://singpolyma.net> for how I prefer to be contacted.
edition right joseph
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBCAAGBQJKJVsTAAoJENEcKRHOUZzeTPsP+gLK0dTtOP/t7iah9+GJStbT
sqCd7TUttz1/RHm6RvzC3C/Picxm15HVml+YVGJ37gUooOe/hiFc0EJ81VuRaaDj
zRmwjn0mB8IXbCWeeZyEHGGbRsgcKCyTqoKZK+SdxAIJxyd9zI4X2Dh+AnapHX5M
UiGQIpSdqThR1oQmq4N1eZXWGy+PhYsuIfBz4ZtTs5ArIszWaRYGLYiPLEh2RG4O
PJ+4S9LEeQNQZaIVzXdfG0t5fHWKuglmhGz+6o1hZGKq4LRMx6Tyn9Fu4guQZuzx
QK12n7gAkBYt727+IRYMEq8tpLT/UvW7uXYocmEf4LPSGIdrzmkj70EVFk+N7nPE
odFhCXwbw7uvqgzjrZWUu2mkKPnhzEsC7pt35XCb/o8NCPY0SJqTctJMm5EZCqHy
9rYmFqxGdUZR+umgjwyqALhW7zuInz1kNs4SQe2erldPcaB90j0PcRPuef0YzuWy
1AZkJY13WMNq1nKGCyzRoBZ8+i0CCyhc1YmZjY071EpSKdKlLC4vTXBdy48ao9pA
sdxX4JKmurOMZ3zC8S9izT/J9dwjOpUDDr8qh6aOMiYBFxjzGyz4VzWePQwcFvng
s628Ue2OzdrcdkSf/B7LLrJ+5GGc51vJB8aLjW+U1mE4UTRHC9svyrSqSSVwnofE
oIhrIEwR9bCDrnXmmpn2
=lsn3
-----END PGP SIGNATURE-----


More information about the Security mailing list