Subject: Re: adding gpg to src/gnu/dist
To: Daniel Carosone <dan@geek.com.au>
From: Love <lha@stacken.kth.se>
List: tech-userlevel
Date: 05/14/2004 13:46:28
--=-=-=


Daniel Carosone <dan@geek.com.au> writes:

> For the case of key management, it's the biggest downfall of the x.509
> cert format, compared to pgp.  GPG allows that inherently, which is a
> good thing, and something we wouldn't want to "lose" otherwise -
> though it does complexify the key trust decisions. 

I think you get this wrong, how can you from a pgp certificate figure out
if the signer is approved by NetBSD to be distribution binaries when its in
your web of trust from your "trust anchor" ? By name, by keyid, one hop, N
hops ?

The strict hirarky and intended keyusage is something that is very
important for this problem.

Love


--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (NetBSD)

iQEVAwUAQKSxlnW+NPVfDpmCAQIujQgAiL/wrEtjLDUAOL5ToJCQoNbLBB2GTWIs
qr5RisuDGJj98+AcuA6CMSPAtizmJVLksktTWx1gP+ysaCUlqIH2A/lVQtMhUcBV
6nXORJGABRhIBbEbaATVsSpNd12NDAKOzEklr0m3trwImRCEn64RKPJEzuXST3Gz
US0wadSa6ovymeuizLwqOqQ4UJSGYTk9bx29xpOScf9OqL2R8xu74gR9zcvJWN05
5lwAT7PHOF/JFRGkLbPuYYMfUn8jHEAEUJBgKrQaKNQHp15fXQPpFUooDP60sjme
7B3SVhrKPCyiJLV/4nQOo++nDWgaCswcwW1jmEjZnIpXISUGlKxn/g==
=jPzs
-----END PGP SIGNATURE-----
--=-=-=--