[Security] PGP (XEP-0027)

Peter Saint-Andre stpeter at stpeter.im
Tue Jun 2 12:12:43 CDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/2/09 11:02 AM, Stephen Paul Weber wrote:
> Somebody signing messages as Peter Saint-Andre wrote:
>> As I understood it, we were thinking that clients would generate a
>> simple key (not PGP) for use in session security. That key could be
>> signed with an OpenPGP key or X.509 cert if the user has such a beast,
>> but we would not introduce a dependency on OpenPGP or X.509.
> 
> Instead you would introduce a dependency on some new key format of your
> invention? This does not seem to be a win.  The benefit of supporting
> OpenPGP and X.509 keys is the formats are already standardised, well
> understood and supported, and widely depolyed.

No, we would probably use DSA keys. We're not in the business of making
new key formats here. :)

Peter

- --
Peter Saint-Andre
https://stpeter.im/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkolXYsACgkQNL8k5A2w/vwtPgCg0auGUut0kZOHraowIjBtjyuD
+EcAoJyifc2lHQS+1Lw1v8BQJxqYffMR
=ztJa
-----END PGP SIGNATURE-----


More information about the Security mailing list