Yes and no.

Yes, you can do that sort of thing with PGP, but being able to do it and having 
one way to do it that everyone follows are very different things.

It is entirely possible to configure PGP to give online/offline key separation 
as well. But the amount of effort required is non-trivial and the value is 
negligible if there is no code that would make use of it.


Support for the model requires all the issue infrastructure support for the 
hierarchical issuers.


Sent from my iPad

> On Sep 8, 2014, at 2:41 PM, Werner Koch <[email protected]> wrote:
> 
> On Mon,  8 Sep 2014 15:53, [email protected] said:
> 
>> to use the Google CA. One of the weaknesses of the PGP model was that
>> the design ignored the fact that in many circumstances we are in
>> hierarchical organization structures that the CA model matches very
> 
> Which was fixed 16 years ago with OpenPGP (RFC-2440).  OpenPGP actually
> provides a superset of the features you require to implement the X.509
> model.  It does not demand its use as it also does not demand the use of
> the WoT or any other key validation model - this is all left to the
> implementation.  Both major implementations support the hierarchical
> model.
> 
> 
> Shalom-Salam,
> 
>   Werner
> 
> -- 
> Thoughts are free.  Exceptions are regulated by a federal law.
> 

_______________________________________________
Endymail mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/endymail
