Re: [gnutls-dev] On key usage flags


From: Ludovic Courtès
Subject: Re: [gnutls-dev] On key usage flags
Date: Mon, 10 Sep 2007 18:30:15 +0200
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux)

Hi,

address@hidden (Ludovic Courtès) writes:

> Recently, I tried to use OpenPGP-based authentication with the
> `RSA_NULL_MD5' cipher suite (i.e., no encryption).  To that end, I
> generated (with GnuPG) an RSA OpenPGP key pair, and wrote a test program
> that specifies the right kx/cipher/mac priorities.
>
> Unfortunately, that doesn't work, because the generated OpenPGP key
> doesn't have the "encryption" key usage flag, which means that
> `_gnutls_selected_cert_supported_kx ()' will reject it while looking for
> a cipher suite.
>
> I don't know about X.509, but OpenPGP key usage flags are informative
> rather than authoritative.  Thus, I'm wondering whether we should really
> systematically pay attention to them.  Providing the option to honor
> them (e.g., through user-definable hooks) may be wise, but enforcing it
> doesn't feel right.  In addition, GPG doesn't really permit usage flags
> to be chosen, making it hard to create a suitable key.

Ping!  :-)

Thanks in advance,
Ludovic.
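
The check discussed in this message, as an added example that is not part of the original post and is not GnuTLS code: it reads the OpenPGP Key Flags subpacket (RFC 4880, type 27) from a constructed hashed-subpacket area and decides whether the key may serve a key exchange when the flags are enforced or only advisory. The `kx` and `policy` names are hypothetical, and treating a key without a Key Flags subpacket as unrestricted is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Key Flags signature subpacket (type 27) and its bits, per RFC 4880 5.2.3.21. */
#define SUBPKT_KEY_FLAGS 27
#define KF_SIGN          0x02
#define KF_ENCRYPT       (0x04 | 0x08)   /* encrypt communications | storage */
enum kx { KX_RSA, KX_DHE_RSA };                /* hypothetical names */
enum policy { USAGE_ENFORCE, USAGE_ADVISORY }; /* hypothetical names */

/* Constructed sample: creation time + Key Flags 0x03 (certify + sign only). */
const uint8_t sample_hashed[] = { 0x05, 0x02, 0x46, 0xE5, 0x6F, 0x17,
                                  0x02, 0x1B, 0x03 };

/* First Key Flags octet; -1 if the subpacket is absent, -2 if malformed. */
int pgp_key_flags(const uint8_t *p, size_t len) {
    size_t i = 0, n;
    while (i < len) {
        if (p[i] < 192) { n = p[i]; i += 1; }
        else if (p[i] < 255) {
            if (len - i < 2) return -2;
            n = ((size_t)(p[i] - 192) << 8) + p[i + 1] + 192; i += 2;
        } else {
            if (len - i < 5) return -2;
            n = ((size_t)p[i+1] << 24) | (p[i+2] << 16) | (p[i+3] << 8) | p[i+4]; i += 5;
        }
        if (n == 0 || n > len - i) return -2;   /* length covers the type octet */
        if ((p[i] & 0x7f) == SUBPKT_KEY_FLAGS) return n >= 2 ? p[i + 1] : -2;
        i += n;
    }
    return -1;
}

/* RSA key exchange encrypts the premaster secret to the certificate key even
 * when the record cipher is NULL; DHE_RSA only needs a signature. */
int kx_allowed(enum kx kx, int flags, enum policy pol) {
    if (flags == -2) return 0;                          /* malformed key data */
    if (flags == -1 || pol == USAGE_ADVISORY) return 1; /* assumption: no flags = unrestricted */
    return (flags & (kx == KX_RSA ? KF_ENCRYPT : KF_SIGN)) != 0;
}

int main(void) {
    int f = pgp_key_flags(sample_hashed, sizeof sample_hashed);
    printf("flags=0x%02x enforce=%d advisory=%d\n", f,
           kx_allowed(KX_RSA, f, USAGE_ENFORCE), kx_allowed(KX_RSA, f, USAGE_ADVISORY));
    return 0;
}
```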
