Return-Path: 
 <river-dev-return-4847-apmail-incubator-river-dev-archive=incubator.apache.org@incubator.apache.org>
Delivered-To: apmail-incubator-river-dev-archive@minotaur.apache.org
Received: (qmail 15358 invoked from network); 12 Oct 2010 14:29:25 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 12 Oct 2010 14:29:25 -0000
Received: (qmail 79014 invoked by uid 500); 12 Oct 2010 14:29:24 -0000
Delivered-To: apmail-incubator-river-dev-archive@incubator.apache.org
Received: (qmail 78870 invoked by uid 500); 12 Oct 2010 14:29:23 -0000
Mailing-List: contact river-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:river-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:river-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:river-dev@incubator.apache.org>
List-Id: <river-dev.incubator.apache.org>
Reply-To: river-dev@incubator.apache.org
Delivered-To: mailing list river-dev@incubator.apache.org
Received: (qmail 78856 invoked by uid 99); 12 Oct 2010 14:29:23 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Oct 2010 14:29:23 +0000
X-ASF-Spam-Status: No, hits=0.7 required=10.0
	tests=SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (nike.apache.org: local policy)
Received: from [83.163.196.105] (HELO nyx.xs4all.nl) (83.163.196.105)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Oct 2010 14:29:15 +0000
Received: from macmini.qcg.lan ([192.168.99.5])
	by nyx.xs4all.nl with esmtp (Exim 4.71)
	(envelope-from <sim@qcg.nl>)
	id 1P5fqZ-0007Ev-1D
	for river-dev@incubator.apache.org; Tue, 12 Oct 2010 16:28:55 +0200
Message-ID: <4CB470A6.1010009@qcg.nl>
Date: Tue, 12 Oct 2010 16:28:54 +0200
From: Sim IJskes - QCG <sim@qcg.nl>
Organization: Quality Consultancy Group b.v.
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
 rv:1.9.1.12) Gecko/20100915 Thunderbird/3.0.8
MIME-Version: 1.0
To: river-dev@incubator.apache.org
Subject: Re: PGP
References: <201010121625.31200.michal.kleczek@xpro.biz>
In-Reply-To: <201010121625.31200.michal.kleczek@xpro.biz>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

On 10/12/2010 04:25 PM, Michal Kleczek wrote:
> On Tuesday 12 of October 2010 16:13:14 Sim IJskes - QCG wrote:
>> On 10/12/2010 04:10 PM, Michal Kleczek wrote:
>>> On Tuesday 12 of October 2010 16:04:41 Sim IJskes - QCG wrote:
>>>> On 10/12/2010 03:39 PM, Michal Kleczek wrote:
>>>>> Or your code is signed with PGP - but I don't have a PGP verifier
>>>>> installed. Is it possible for you to provide me with third party PGP
>>>>> verifier code that in turn is signed with a standard X509 certificate?
>>>>
>>>> Why PGP? The PKI is the same. The CA's signing domain related
>>>> certificates are creating the inflexibility.
>>>
>>> Exactly... Hierarchical CAs are inflexible - that's why PGP (or SPKI) :)
>>
>> Strange reasoning. I'm my own CA. Whats the problem?
>
> Your CA certificate is self-signed. How can I trust it?

Exactly. PKI is delegation of trust. If you dont trust the CA (or dont 
want to pay the CA to trust you), it ends here.

PKI is no replacement of trust.

Gr. Sim