river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michal Kleczek <michal.klec...@xpro.biz>
Subject Re: PGP
Date Tue, 12 Oct 2010 14:38:55 GMT
On Tuesday 12 of October 2010 16:28:54 Sim IJskes - QCG wrote:
> On 10/12/2010 04:25 PM, Michal Kleczek wrote:
> > On Tuesday 12 of October 2010 16:13:14 Sim IJskes - QCG wrote:
> >> On 10/12/2010 04:10 PM, Michal Kleczek wrote:
> >>> On Tuesday 12 of October 2010 16:04:41 Sim IJskes - QCG wrote:
> >>>> On 10/12/2010 03:39 PM, Michal Kleczek wrote:
> >>>>> Or your code is signed with PGP - but I don't have a PGP verifier
> >>>>> installed. Is it possible for you to provide me with third party
PGP
> >>>>> verifier code that in turn is signed with a standard X509
> >>>>> certificate?
> >>>> 
> >>>> Why PGP? The PKI is the same. The CA's signing domain related
> >>>> certificates are creating the inflexibility.
> >>> 
> >>> Exactly... Hierarchical CAs are inflexible - that's why PGP (or SPKI)
> >>> :)
> >> 
> >> Strange reasoning. I'm my own CA. Whats the problem?
> > 
> > Your CA certificate is self-signed. How can I trust it?
> 
> Exactly. PKI is delegation of trust. If you dont trust the CA (or dont
> want to pay the CA to trust you), it ends here.
> 
> PKI is no replacement of trust.
> 

I know - but somehow we went far away from the original subject.
My point is - can our trust decisions be based on something more flexible than 
it is right now in Jini?
As far as I understand you're saying "let's just base our trust decisions on 
X509 certificates and nothing more". I say - "let's allow extending it - I base 
my trust in you on X509 certificate but allow you to transfer my trust to 
someone else and I don't care if it is based on X509 or smoke signals"

Michal

Mime
View raw message