[Catalog-sig] User profile: PGP Key ID
Christian Heimes
christian at python.org
Wed Feb 20 21:18:37 CET 2013
Am 20.02.2013 21:12, schrieb M.-A. Lemburg:
> On 20.02.2013 21:03, Donald Stufft wrote:
>> On Wednesday, February 20, 2013 at 3:02 PM, Daniel Holth wrote:
>>> You know how to do S/MIME; how much harder would it be to use X.509 signatures as are supported with openssl and bundled GUI cert managers on all OSs?
>>
>> Signing tech doesn't really matter. I suspect societal and possibly legal requirements
>> will make that choice over technical reasons.
>
> Relying only on OpenSSL would have the great advantage of being able
> to all the verification/signing/key generation in Python.
>
> But it's missing an infrastructure to revoke keys, unless you also
> implement SSL key revocation mechanisms and have users get official
> paid/free SSL client certificates from certificate vendors that
> provide CRLs or support OTRS.
>
> At that point, the SSL infrastructure becomes just as difficult to
> deal with as GPG/PGP, so there isn't much to win both ways, IMO.
> You just have to deal with it...
David Wolever has send me this link:
https://github.com/singpolyma/OpenPGP-Python
I guess it could also be implemented on top of openssl if Python
provides bindings to RSA primitives.
Christian
More information about the Catalog-SIG
mailing list