[gnutls-dev] OpenPGP security for web servers, again

john at neggie.net john at neggie.net
Sat Jan 31 17:00:18 CET 2004

I've always been frustrated with the lack of PGP support for HTTP.  Why, 
when the people I need to grant access to my web site all have PGP keys, do 
I have to deal with weak authentication schemes, forcing users to remember 
new passwords, and the poorly-designed X.509 system? 

I was surprised to find out that in 1995 the NCSA HTTP server and browser 
already had PGP support [1].  It was removed due to now-defunct export laws 
of the U.S. 

When will such functionality ever be returned to the most popular free HTTP 
server and browser?  It seems that with opencdk and the unique OpenPGP 
support in gnutls being under the GPL, we'll never see this support put into 
Apache.  Does the new Apache license change the situation? 

 -John Belmonte 

 [1] http://hoohoo.ncsa.uiuc.edu/docs/PEMPGP.html 

More information about the Gnutls-devel mailing list