[Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()'
From: Ludovic Courtès
Subject: [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()'
Date: Wed, 11 Apr 2007 18:46:37 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Hi,

Daniel Kahn Gillmor <address@hidden> writes:

> For example, if foo.example.com runs an LDAP service as a
> non-privileged user (STARTTLS-enabled, of course), i'd prefer that the
> uid on the key used was something like
>
> ldap://foo.example.com/
>
> and not just "foo.example.com". Otherwise, a compromised LDAP service
> could masquerade as other services on the same machine.
>
> I'm not sure that a URI is the right thing to put there, but some
> indication of the service in particular is probably worth considering.

It feels strange to me to fill the user ID packet with something that is
not an RFC822 mail name, even though this is just a convention.

The Debian archive keys, for instance, contain a regular mail name, not
just "http://www.debian.org/" or some such. The textual part (e.g.,
"Etch Stable Release Key") proves to be quite useful since it conveys
additional information. Of course, that information could be made part
of an appropriately crafted URI (e.g.,
"http://www.debian.org/releases/etch/"), but that would be less
user-friendly... and less conventional.

So I don't know what would be best for `openpgp_key_check_hostname ()'.

Thanks,
Ludovic.