I'm working on a decentralized transaction processing system that needs both authentication and general encryption, and I have a design decision to make: should I use PGP or X.509 certificates?
While the world tends to use X.509 for authentication (especially in browsers), they are based on the principle of having a central authority vouch for each certificate, meaning the system would need a CA and anyone who wants to participate in the system would need to have their keys signed by that CA.
PGP, on the other hand, is based on a "Web of Trust", where parties who want to communicate merely need to have any trusted party in common who will sign both keys. A CA isn't necessary in this case.
My overall design goals prefer the Web-of-Trust model, to keep the system decentralized, but I may also have customers who prefer a centralized model, and I don't want to prohibit that possibility. Is there anything stopping the Web-of-Trust principle from working with X.509? Likewise, is it easy and straightforward to mimic CAs in the PGP cryptosystem? Are they interchangeable in practice?
(For some reason, this is making me think of the false dichtomy: "I'm trying to bang in a nail, should I use a beer bottle or the heel of a shoe?")
Best Answer
PGP keyservers can act as an authoritative point of trust(similar to a CA). The thing I like about PGP keys/keyservers is that I choose which sources to trust to build this web. In most modern OSes and applications using x509/CA/web-browser model there are "chain of trust" issues where there are several ways to fool/break the chain. Alternately, you can run your own CA, but if you do and someone with a signing certificate from an automatically imported one(an isp/foreign government for example) could break your chain of trust trivially. You wouldn't even know.