Modernizing Web-of-trust for Organizations

Lou Wynn lewisurn at gmail.com
Fri Jan 5 00:51:38 CET 2018


On 01/04/2018 02:59 PM, Kristian Fiskerstrand wrote:
> On 01/04/2018 11:14 PM, Lou Wynn wrote:
>> Compared to using two CAs, my design introduces two properties to a
>> certificate. One is the certificate type, which is "p" for a partner and
>> "e" for an employee.
> Why not make it compatible with rfc4880 directly? Your proposal would
> require client handling of e.g. notation data?
This is exactly the reason for my modernizing web of trust. I cannot
find a way to make it compatible with rfc4880 and meet all my goals. I'd
love to hear your alternatives if it is possible. For example, I'd like
to deprecate how trust is assigned values and used in the rfc. However,
I'd love to use as many existing good mechanisms as possible, such as
the entire PGP data format.

As for changes to PGP, I do require new certificate properties and
certificate validations to enforce trust realms and groups.

Thanks,
Lou



