[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()'
From: |
Simon Josefsson |
Subject: |
[Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()' |
Date: |
Wed, 11 Apr 2007 15:30:11 +0200 |
User-agent: |
Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.95 (gnu/linux) |
address@hidden (Ludovic Courtès) writes:
> Hi,
>
> Currently, `gnutls_openpgp_key_check_hostname ()' will only return true
> if one of the key's names matches _exactly_ HOSTNAME. Since key names
> are not supposed to be host names but rather RFC822 strings, this is of
> little use.
>
> Perhaps it should rather check whether the email part of one of the key
> names matches HOSTNAME?
I'm not sure... it is pretty important that name checks are well
defined. As I recall, there are no clear requirements on what key
names should be in the standard, or is there?
How do this cause problems? Perhaps we can solve it by simply
improving documentation to make it clear that you'll have to generate
a OpenPGP key with a name matching exactly the server's. Adding
better warnings to gnutls-cli/gnutls-serv when this isn't true might
help too.
/Simon
- [Help-gnutls] Semantics of `gnutls_openpgp_key_check_hostname ()', Ludovic Courtès, 2007/04/09
- [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()',
Simon Josefsson <=
- Re: [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()', Daniel Kahn Gillmor, 2007/04/11
- [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()', Ludovic Courtès, 2007/04/11
- Re: [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()', Daniel Kahn Gillmor, 2007/04/11
- [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()', Simon Josefsson, 2007/04/12
- [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()', Ludovic Courtès, 2007/04/12
- [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()', Simon Josefsson, 2007/04/12
- [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()', Ludovic Courtès, 2007/04/12
- OpenPGP certificate verification for TLS connections [Was: Re: [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()'], Daniel Kahn Gillmor, 2007/04/12
- [Help-gnutls] Re: OpenPGP certificate verification for TLS connections, Ludovic Courtès, 2007/04/13
- Re: OpenPGP certificate verification for TLS connections [Was: Re: [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()'], Rupert Kittinger-Sereinig, 2007/04/13