help-gnutls

[Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()'


From: Ludovic Courtès
Subject: [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()'
Date: Thu, 12 Apr 2007 14:06:03 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Simon Josefsson <address@hidden> writes:

> Daniel Kahn Gillmor <address@hidden> writes:

[...]

>> I agree that it feels strange!  But I'm really hoping to see OpenPGP
>> keys used in place of X.509 certs for TLS, so we need to think about
>> what's the appropriate thing to put there, and how various Certificate
>> authorities and clients should interpret it.

[...]

> I just realized: Do we have to use the ID packet for this purpose?
> Can't we define a new OpenPGP packet, similar to the X.509 Subject
> Alternative Name extension?  I think this is similar to how X.509
> evolved: first you placed the server name in the CN, then you invented
> an extension packet to hold it.

In any case, I believe the user ID packet should just be thought of as a
human-readable hint, no more.  You don't make authorization decisions
based on what the user ID packet contains, but rather, for instance,
based on whether that key is in your list of authorized keys for the
purpose at hand.

So I don't clearly understand what specifying new textual packets would
buy us.  I don't know much about what X.509 does, though.

Thanks,
Ludovic.
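To make the distinction drawn above concrete, here is an added example (not code from the thread or from GnuTLS) contrasting a check that trusts the hostname in a key's user ID with a check that asks whether the exact key is on an authorized list. The key packet bodies are constructed stand-ins, not real OpenPGP packets; only the fingerprint formula (SHA-1 over 0x99, a two-byte length and the body, per RFC 4880 section 12.2) is the real v4 one.

```python
import hashlib
import hmac

# Constructed sample "public key packet bodies". A real v4 body carries a
# version byte, creation time, algorithm id and MPIs; these stand-ins only
# need to be distinct byte strings for the fingerprint formula to hash.
SERVER_KEY_BODY = b"\x04" + b"constructed-legitimate-server-key"
ATTACKER_KEY_BODY = b"\x04" + b"constructed-attacker-key"


def v4_fingerprint(body: bytes) -> str:
    """OpenPGP v4 fingerprint: SHA-1(0x99 || 2-byte big-endian length || body)."""
    prefix = b"\x99" + len(body).to_bytes(2, "big")
    return hashlib.sha1(prefix + body).hexdigest().upper()


def accepts_by_user_id(user_ids, hostname: str) -> bool:
    """Weak check: trusts whatever name the key's creator typed into the user ID.
    Anyone can generate a key carrying the same hostname, so this is a hint, not proof."""
    return any(hostname in uid for uid in user_ids)


def accepts_by_fingerprint(body: bytes, authorized: set) -> bool:
    """The check argued for in the message: is this exact key in the list of keys
    authorized for the purpose at hand?  The user ID plays no part in the decision."""
    fpr = v4_fingerprint(body)
    return any(hmac.compare_digest(fpr, a) for a in authorized)


def demo() -> dict:
    """Run both checks against a legitimate key and an attacker key that copied the user ID."""
    hostname = "tls.example.org"
    server = {"body": SERVER_KEY_BODY, "uids": ["tls.example.org <admin@example.org>"]}
    attacker = {"body": ATTACKER_KEY_BODY, "uids": ["tls.example.org <anyone@example.net>"]}
    # The operator's allowlist: fingerprints of keys authorized to serve this host.
    authorized = {v4_fingerprint(SERVER_KEY_BODY)}
    return {
        "server_by_uid": accepts_by_user_id(server["uids"], hostname),
        "attacker_by_uid": accepts_by_user_id(attacker["uids"], hostname),  # wrongly accepted
        "server_by_fpr": accepts_by_fingerprint(server["body"], authorized),
        "attacker_by_fpr": accepts_by_fingerprint(attacker["body"], authorized),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The user-ID check accepts both keys because both claim the same hostname; the fingerprint check accepts only the key the operator actually authorized.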
