[Freedombox-discuss] my summary of yesterday's Hackfest
On 03/01/2011 10:51 AM, Matt Willsher wrote:
> My point is rather: why not just use X.509 keys and certs and why use
> GPG/PGP at all? X.509 is multi purpose, well adopted and well trusted.
X.509 is certainly widely adopted, but that's about all you can say for it.
well-trusted? not so much. here's a few links to get you started:
And due to its single-issuer-per-cert design, X.509 is intrinsically
antithetical to the decentralized model that freedombox needs to follow:
To be clear, I'm just arguing against adoption of X.509 as a certificate
format for the FreedomBox.
My argument does not cover:
* message encryption and signature formats (e.g. PGP/MIME vs. S/MIME)
* transport layer tunnelling and authentication (e.g. TLS)
these are separate decisions from the certificate formats, and should be
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1030 bytes
Desc: OpenPGP digital signature