
[Help-gnutls] Re: OpenPGP certificate verification for TLS connections


From: Ludovic Courtès
Subject: [Help-gnutls] Re: OpenPGP certificate verification for TLS connections
Date: Thu, 19 Apr 2007 10:17:30 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Hi,

Daniel Kahn Gillmor <address@hidden> writes:

> On Wed 2007-04-18 03:34:29 -0400, Ludovic Courtès wrote:

[...]

>> That's probably a useful usage pattern.  The problem that I see is
>> that it would be non-standard, 
>
> I'm not convinced that using User IDs for authorization is
> non-standard.

[...]

> In short, the client *authenticates* with her certificate, and the
> server *authorizes* against her User ID.

Right, but that's X.509.  ;-)  By "non-standard", I meant that it is not
currently standardized, e.g., by RFC 2440.

> By analogy with OpenSSL (which contains significant infrastructure for
> managing X.509 certificate hierarchy trust), i would suggest that it
> is not outside the scope of GnuTLS to implement a well-thought-out
> scheme for trust checking when using OpenPGP certificates.

Sure, but the first step would probably be to try and standardize this
practice through an RFC.

Thanks,
Ludovic.




