Re: GnuTLS 2.3.14 - third release candidate for 2.4.0

From: Daniel Kahn Gillmor
Subject: Re: GnuTLS 2.3.14 - third release candidate for 2.4.0
Date: Thu, 12 Jun 2008 10:46:59 -0400
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)

On Tue 2008-06-10 18:23:01 -0400, Simon Josefsson wrote:

> * Version 2.3.14 (released 2008-06-11)
> ** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour.
> An OpenPGP certificate is now only considered verified if all the user
> IDs are verified.

I've tested this change against Andreas Metzler's debian packaging of
2.3.14, and it looks correct.  A single unverifiable User ID on the
certificate causes verification failure.  This "fail closed" behavior
is significantly better than the earlier "fail open" behavior.

Hopefully for gnutls 2.6 we can cook up more nuanced OpenPGP
certificate verification, where irrelevant unverified UserIDs don't
cause a failure.

Thanks for all the work on this,

