[62] in cryptography@c2.net mail archive
Re: S\MIME
daemon@ATHENA.MIT.EDU (Derek Atkins)
Thu Jan 16 19:09:14 1997
To: Patrick Richard <patr@xcert.com>
Cc: "Arnold G. Reinhold" <reinhold@world.std.com>,
Michael C Taylor <mctaylor@fractal.mta.ca>, cryptography@c2.net
From: Derek Atkins <warlord@mit.edu>
Date: 16 Jan 1997 17:54:51 -0500
In-Reply-To: Patrick Richard's message of Thu, 16 Jan 1997 13:46:24 -0800 (PST)

Patrick Richard <patr@xcert.com> writes:

> Anyways, you can support both X.509 and PGP all at the same time if your
> directory mutates the public key into both formats.

The problem with doing this is that you lose the X.509 and/or PGP
certification when you switch back-and-forth. If the key is natively
X.509, there are no PGP signatures on it. If it is natively PGP,
there are no X.509 signatures.

So, while you can swap back-and-forth to *use* the key, doing this at
the directory level is a Bad Idea (TM). You need to be able to verify
the key you receive from the directory.

-derek
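
The point made in the message above, as an added example that is not part of the original post: a certification signature covers the format-specific bytes wrapped around a key, so a directory that re-wraps the same key material cannot hand out a certification the client can verify. The toy textbook-RSA certifier key, the simplified byte layouts standing in for the X.509 and PGP signed data, and all names and values are constructed assumptions.

```python
import hashlib

# Toy certifier key: textbook RSA on two Mersenne primes.
# Constructed for illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data):
    # Needs the private exponent D: only the certifier (CA or PGP signer) can do this.
    return pow(digest(data), D, N)

def verify(data, sig):
    return pow(sig, E, N) == digest(data)

# Simplified stand-ins (assumed layouts) for the bytes each certification covers.
def x509_signed_bytes(subject, n, e):
    return f"X509|issuer=CN=Example CA|subject={subject}|rsa:{n:x}:{e:x}".encode()

def pgp_signed_bytes(user_id, n, e):
    return f"PGP|keypkt:rsa:{n:x}:{e:x}|uid:{user_id}".encode()

ENCODERS = {"x509": x509_signed_bytes, "pgp": pgp_signed_bytes}

def directory_mutate(record, fmt, name):
    # The directory re-wraps the same key. It holds no certifier private key,
    # so the best it can do is carry the old signature along unchanged.
    return {**record, "fmt": fmt, "name": name}

def client_verify(record):
    # The client rebuilds the signed bytes for the format it received.
    data = ENCODERS[record["fmt"]](record["name"], record["n"], record["e"])
    return verify(data, record["sig"])

# Constructed sample: a user key that is natively X.509-certified.
USER_N, USER_E = (2**127 - 1) * (2**89 - 1), 65537
native = {"fmt": "x509", "name": "CN=Alice", "n": USER_N, "e": USER_E,
          "sig": sign(x509_signed_bytes("CN=Alice", USER_N, USER_E))}
mutated = directory_mutate(native, "pgp", "Alice <alice@example.com>")

if __name__ == "__main__":
    print("native X.509 record verifies:", client_verify(native))
    print("same key served as PGP verifies:", client_verify(mutated))
```

The key material in `mutated` is identical to `native`, which is why the key is still usable; only the certification fails to carry over.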