Re: GnuTLS 2.3.14 - third release candidate for 2.4.0

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS 2.3.14 - third release candidate for 2.4.0

From:	Daniel Kahn Gillmor
Subject:	Re: GnuTLS 2.3.14 - third release candidate for 2.4.0
Date:	Thu, 12 Jun 2008 10:46:59 -0400
User-agent:	Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)

On Tue 2008-06-10 18:23:01 -0400, Simon Josefsson wrote:

> * Version 2.3.14 (released 2008-06-11)
>
> ** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour.
> An OpenPGP certificate is now only considered verified if all the user
> IDs are verified.

I've tested this change against Andreas Metzler's debian packaging of
2.3.14, and it looks correct.  A single unverifiable User ID on the
certificate causes verification failure.  This "fail closed" behavior
is significantly better than the earlier "fail open" behavior.
Thanks!

Hopefully for gnutls 2.6 we can cook up more nuanced OpenPGP
certificate verification, where irrelevant unverified UserIDs don't
cause a failure.

Thanks for all the work on this,

       --dkg

pgp6C43raQ8ET.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

GnuTLS 2.3.14 - third release candidate for 2.4.0, Simon Josefsson, 2008/06/10
- openpgp-certs failure under wine, Simon Josefsson, 2008/06/11
  - Re: openpgp-certs failure under wine, Nikos Mavrogiannopoulos, 2008/06/12
    - Re: openpgp-certs failure under wine, Simon Josefsson, 2008/06/15
- Re: GnuTLS 2.3.14 - third release candidate for 2.4.0, Daniel Kahn Gillmor <=
  - Re: GnuTLS 2.3.14 - third release candidate for 2.4.0, Simon Josefsson, 2008/06/15

Prev by Date: Re: openpgp-certs failure under wine
Next by Date: Re: GnuTLS 2.3.12 - second release candidate for 2.4.0
Previous by thread: Re: openpgp-certs failure under wine
Next by thread: Re: GnuTLS 2.3.14 - third release candidate for 2.4.0
Index(es):
- Date
- Thread