Re: GnuTLS 2.3.14 - third release candidate for 2.4.0
From: Simon Josefsson
Subject: Re: GnuTLS 2.3.14 - third release candidate for 2.4.0
Date: Sun, 15 Jun 2008 23:03:27 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

Daniel Kahn Gillmor <address@hidden> writes:
> On Tue 2008-06-10 18:23:01 -0400, Simon Josefsson wrote:
>
>> * Version 2.3.14 (released 2008-06-11)
>>
>> ** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour.
>> An OpenPGP certificate is now only considered verified if all the user
>> IDs are verified.
>
> I've tested this change against Andreas Metzler's Debian packaging of
> 2.3.14, and it looks correct. A single unverifiable User ID on the
> certificate causes verification failure. This "fail closed" behavior
> is significantly better than the earlier "fail open" behavior.
> Thanks!
>
> Hopefully for gnutls 2.6 we can cook up more nuanced OpenPGP
> certificate verification, where irrelevant unverified UserIDs don't
> cause a failure.
>
> Thanks for all the work on this,

Great. Thanks for confirming the status. I think we are ready for
2.4.0, but I'll do another release candidate now to make sure.

/Simon