Re: [gnutls-dev] On key usage flags
From: Ludovic Courtès
Subject: Re: [gnutls-dev] On key usage flags
Date: Mon, 10 Sep 2007 18:30:15 +0200
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux)
Hi,
address@hidden (Ludovic Courtès) writes:
> Recently, I tried to use OpenPGP-based authentication with the
> `RSA_NULL_MD5' cipher suite (i.e., no encryption). To that end, I
> generated (with GnuPG) an RSA OpenPGP key pair, and wrote a test program
> that specifies the right kx/cipher/mac priorities.
>
> Unfortunately, that doesn't work, because the generated OpenPGP key
> doesn't have the "encryption" key usage flag, which means that
> `_gnutls_selected_cert_supported_kx ()' will reject it while looking for
> a cipher suite.
>
> I don't know about X.509, but OpenPGP key usage flags are informative
> rather than authoritative. Thus, I'm wondering whether we should really
> systematically pay attention to them. Providing the option to honor
> them (e.g., through user-definable hooks) may be wise, but enforcing it
> doesn't feel right. In addition, GPG doesn't really permit usage flags
> to be chosen, making it hard to create a suitable key.
Ping! :-)
Thanks in advance,
Ludovic.
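The distinction raised in the quoted message, enforcing OpenPGP key usage flags versus treating them as advisory, as an added example that is not part of the original message and is not GnuTLS code. It reads the key flags subpacket (type 27, RFC 4880) from a signature's hashed subpacket area; `rsa_kx_allowed` and its `strict` switch are hypothetical names, and mapping the message's "encryption" flag to the two RFC 4880 encrypt bits is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
/* RFC 4880 section 5.2.3.21: bits in the first octet of the key flags subpacket. */
#define KF_ENCRYPT_COMM  0x04
#define KF_ENCRYPT_STOR  0x08
#define SUBPKT_KEY_FLAGS 27

/* Scan a hashed-subpacket area. Returns 1 and sets *flags when a key flags
 * subpacket is present, 0 when it is absent, -1 when the area is malformed. */
int find_key_flags(const uint8_t *p, size_t n, uint8_t *flags)
{
    size_t i = 0;
    while (i < n) {
        size_t len;
        uint8_t o = p[i++];
        if (o < 192) {                      /* one-octet length */
            len = o;
        } else if (o < 255) {               /* two-octet length */
            if (i >= n) return -1;
            len = ((size_t)(o - 192) << 8) + p[i++] + 192;
        } else {                            /* five-octet length */
            if (n - i < 4) return -1;
            len = ((size_t)p[i] << 24) | ((size_t)p[i + 1] << 16)
                | ((size_t)p[i + 2] << 8) | p[i + 3];
            i += 4;
        }
        if (len == 0 || len > n - i) return -1;  /* length counts the type octet */
        if ((p[i] & 0x7f) == SUBPKT_KEY_FLAGS) { /* bit 7 is the "critical" bit */
            if (len < 2) return -1;
            *flags = p[i + 1];
            return 1;
        }
        i += len;
    }
    return 0;
}

/* Hypothetical policy hook: strict=1 enforces the flags, strict=0 is advisory. */
int rsa_kx_allowed(const uint8_t *area, size_t n, int strict)
{
    uint8_t f = 0;
    int r = find_key_flags(area, n, &f);
    if (r < 0) return 0;                /* malformed area: reject in both modes */
    if (r == 0 || !strict) return 1;    /* no flags stated, or advisory mode */
    return (f & (KF_ENCRYPT_COMM | KF_ENCRYPT_STOR)) != 0;
}

/* Constructed samples: a creation-time subpacket followed by key flags. */
const uint8_t SIGN_ONLY[] = {0x05, 0x02, 0x46, 0xe5, 0x6f, 0x27, 0x02, 0x1b, 0x03};
const uint8_t SIGN_ENC[]  = {0x05, 0x02, 0x46, 0xe5, 0x6f, 0x27, 0x02, 0x1b, 0x0f};
```

With `strict` set, the sign-only sample is refused for RSA key exchange, which is the behaviour the message reports; with it cleared, the same key is accepted.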