Re: [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()'

From: Daniel Kahn Gillmor
Subject: Re: [Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()'
Date: Wed, 11 Apr 2007 14:19:13 -0400
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

On Wed 2007-04-11 12:46:37 -0400, Ludovic Courtès wrote:

> It feels strange to me to fill the user ID packet with something
> that is not an RFC822 mail name, even though this is just a
> convention.

I agree that it feels strange! But i'm really hoping to see OpenPGP
keys used in place of X.509 certs for TLS, so we need to think about
what's the appropriate thing to put there, and how various Certificate
authorities and clients should interpret it.

The TLS-OpenPGP draft [0] doesn't seem to say anything about it:

    Considerations about the use of the web of trust or identity and
    certificate verification procedure are outside the scope of this
    document. These are considered issues to be handled by the
    application layer protocols.

Is there another draft addressing this issue? I think a declared
convention for certificate verification during a TLS connection would
help folks understand this new model. When you connect to a
TLS-enabled service, you aren't connecting to an RFC 822 e-mail
address. What would you look for in the UID of an OpenPGP-style cert
offered by such a service?

Any thoughts, suggestions, or pointers from other TLS-savvy folks on
this list?

--dkg

[0] http://www.ietf.org/internet-drafts/draft-ietf-tls-openpgp-keys-11.txt