[Help-gnutls] Re: OpenPGP certificate verification for TLS connections
From: Ludovic Courtès
Subject: [Help-gnutls] Re: OpenPGP certificate verification for TLS connections
Date: Tue, 17 Apr 2007 11:27:47 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Hi,

Rupert Kittinger-Sereinig <address@hidden> writes:

> Ludovic Courtès schrieb:
> ...
>>> One example: a secure messaging service could have millions of
>>> users. A gnupg keyring of this size may be a bit problematic, but a
>>> database should handle this easily. To validate a client connection in
>>> this scenario, we would need to:
>>> - check for a trusted signature (including expiry and revocation), we
>>> can keep this as simple as checking for one trusted key if we want.
>>
>> What do you mean by "trusted signature"? Something like an
>> "authorization certificate" signed by a "trusted authority" (see my
>> previous post)?
>>
>
> I mean trusted in the sense of the pgp trustdb. Ideally, every user
> should be able to configure how he wants to construct his web of trust.
>
> E.g. for a server application, the admin could choose a handful of
> "user managers" whose keys he would put in the keyring and assign
> ultimate trust to each one.
>
> Another example: a user of web services could validate the server key
> fingerprint, and locally sign them with his own key.
Nitpick: As mentioned earlier in this thread, signing an OpenPGP public
key means that "the signer is testifying to his or her belief that this
public key belongs to the user identified by this user ID" [RFC 2440,
Section 10.1]. I think this is not what you want here.
Thanks,
Ludovic.