[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: OpenPGP certificate verification for TLS connections
From: |
Ludovic Courtès |
Subject: |
[Help-gnutls] Re: OpenPGP certificate verification for TLS connections |
Date: |
Thu, 19 Apr 2007 10:17:30 +0200 |
User-agent: |
Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux) |
Hi,
Daniel Kahn Gillmor <address@hidden> writes:
> On Wed 2007-04-18 03:34:29 -0400, Ludovic Courtès wrote:
[...]
>> That's probably a useful usage pattern. The problem that I see is
>> that it would be non-standard,
>
> I'm not convinced that using User IDs for authorization is
> non-standard.
[...]
> In short, the client *authenticates* with her certificate, and the
> server *authorizes* against her User ID.
Right, but that's X.509. ;-) By "non-standard", I meant that it is not
currently standardized, e.g., by RFC 2440.
> By analogy with OpenSSL (which contains significant infrastructure for
> managing X.509 certificate hierarchy trust), i would suggest that it
> is not outside the scope of GnuTLS to implement a well-thought-out
> scheme for trust checking when using OpenPGP certificates.
Sure, but the first step would probably to try and standardize this
practice through an RFC.
Thanks,
Ludovic.
- Re: OpenPGP certificate verification for TLS connections [Was: Re: [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()'], (continued)
- Re: OpenPGP certificate verification for TLS connections [Was: Re: [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()'], Rupert Kittinger-Sereinig, 2007/04/13
- [Help-gnutls] Re: OpenPGP certificate verification for TLS connections, Ludovic Courtès, 2007/04/16
- Re: [Help-gnutls] Re: OpenPGP certificate verification for TLS connections, Rupert Kittinger-Sereinig, 2007/04/16
- [Help-gnutls] Re: OpenPGP certificate verification for TLS connections, Ludovic Courtès, 2007/04/17
- Re: [Help-gnutls] Re: OpenPGP certificate verification for TLS connections, Daniel Kahn Gillmor, 2007/04/17
- Re: [Help-gnutls] Re: OpenPGP certificate verification for TLS connections, Matthias Urlichs, 2007/04/17
- Re: [Help-gnutls] Re: OpenPGP certificate verification for TLS connections, Daniel Kahn Gillmor, 2007/04/17
- Re: [Help-gnutls] Re: OpenPGP certificate verification for TLS connections, Rupert Kittinger-Sereinig, 2007/04/17
- [Help-gnutls] Re: OpenPGP certificate verification for TLS connections, Ludovic Courtès, 2007/04/18
- Re: [Help-gnutls] Re: OpenPGP certificate verification for TLS connections, Daniel Kahn Gillmor, 2007/04/18
- [Help-gnutls] Re: OpenPGP certificate verification for TLS connections,
Ludovic Courtès <=
- Re: [Help-gnutls] Re: OpenPGP certificate verification for TLS connections, Rupert Kittinger-Sereinig, 2007/04/17
- [Help-gnutls] Re: OpenPGP certificate verification for TLS connections, Ludovic Courtès, 2007/04/18
- Re: [Help-gnutls] Re: OpenPGP certificate verification for TLS connections, Daniel Kahn Gillmor, 2007/04/18