Re: GnuTLS 2.3.14 - third release candidate for 2.4.0
From: Daniel Kahn Gillmor
Subject: Re: GnuTLS 2.3.14 - third release candidate for 2.4.0
Date: Thu, 12 Jun 2008 10:46:59 -0400
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)

On Tue 2008-06-10 18:23:01 -0400, Simon Josefsson wrote:
> * Version 2.3.14 (released 2008-06-11)
>
> ** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour.
> An OpenPGP certificate is now only considered verified if all the user
> IDs are verified.

I've tested this change against Andreas Metzler's Debian packaging of
2.3.14, and it looks correct. A single unverifiable User ID on the
certificate causes verification failure. This "fail closed" behavior
is significantly better than the earlier "fail open" behavior.
Thanks!

Hopefully for gnutls 2.6 we can cook up more nuanced OpenPGP
certificate verification, where irrelevant unverified UserIDs don't
cause a failure.

Thanks for all the work on this,

--dkg