Differences: OpenPGP vs. X.509

Stefan X stefanxe at gmx.net
Tue Jan 13 20:07:54 CET 2009


Hi!
You can read in the Wikipedia article to X.509:

"[X.509] assumes a strict hierarchical system of certificate authorities
(CAs) for issuing the certificates. This contrasts with web of trust
models, like PGP, where anyone (not just special CAs) may sign and thus
attest to the validity of others' key certificates. Version 3 of X.509
includes the flexibility to support other topologies like bridges and
meshes (RFC 4158). It can be used in a peer-to-peer, OpenPGP-like web of
trust, but was rarely used that way as of 2004."

If a web-of-trust is also possible with X.509 I am wondering, what are
the remaining differences between both formats?

AFAIK file encryption and signing seems not be possible with X.509 which
can be used for e-mail only.

Which differences, benefits, and drawbacks exist for both formats?



More information about the Gnupg-devel mailing list