X.509 / PKI, PGP, and IBE Secure Email Technologies

Werner Koch wk at gnupg.org
Wed Dec 14 06:07:48 EST 2005


On Mon, 12 Dec 2005 10:59:05 -0600, Travis H said:

> Not to side track the discussion, but frequently I've heard PKI
> compared to PGP's model.  Isn't PGP's trust model the same as everyone
> being their own CA?

You need to clarify the trust model.  The OpenPGP standard does not
define any trust model at all.  The standard merely defines fatures
useful to implement a trust model.

AFAIK, PGP provides two different trust models; with GnuPG you may
also select between 4 trust models.  However this is implementation
specific and not part of the standard. 

The "classic" web of trust is just the commonly used one.  It is a
pity that many commonly used mail programs don't even make use of any
real trust model but use the "always" trust model.

The newer trust model "pgp" makes use of the advanced OpenPGP features
and allows implementing a hierarchical model very similar to the X.509
one.  In fact it is a superset of the X.509 model.



Salam-Shalom,

   Werner





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list