[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Freedombox-discuss] my summary of yesterday's Hackfest

On 03/01/2011 10:51 AM, Matt Willsher wrote:
> My point is rather: why not just use X.509 keys and certs and why use
> GPG/PGP at all? X.509 is multi purpose, well adopted and well trusted.

X.509 is certainly widely adopted, but that's about all you can say for it.

well-trusted?  not so much. here's a few links to get you started:





And due to its single-issuer-per-cert design, X.509 is intrinsically
antithetical to the decentralized model that freedombox needs to follow:


To be clear, I'm just arguing against adoption of X.509 as a certificate
format for the FreedomBox.

My argument does not cover:

 * message encryption and signature formats (e.g. PGP/MIME vs. S/MIME)
 * transport layer tunnelling and authentication (e.g. TLS)

these are separate decisions from the certificate formats, and should be
made separately.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110301/07146b2a/attachment.pgp>

Reply to: