Re: [gnutls-dev] OpenPGP Keys
From: Simon Josefsson
Subject: Re: [gnutls-dev] OpenPGP Keys
Date: Thu, 19 Apr 2007 11:21:13 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.95 (gnu/linux)

Timo Schulz <address@hidden> writes:
> Hi,
>
> I forgot to mention that the opencdk interface for retrieving
> the validity and the ownertrust of the key is no longer
> available. Now the question is how to handle the issue.
>
> I've seen that at least cdk_trustdb_get_ownertrust() is used
> in the signature verification code.
>
> The problem is, that ownertrust is a value each openpgp application
> associates to a key and I do not think it is a good idea to let the
> gnutls server use the values of some user from existing gpg files.
>
> Frankly, I'm not sure how to implement this. Maybe we should have our
> own 'key trust' file which stores the ownertrust of the keys. But the
> question is if these values are really used by the openpgp
> authentication at all.
>
> Any comments?

I'm thinking that the trustdb file will be the GnuTLS-specific
trustdb, and thus OpenCDK can depend on the trust information in that
file. Wouldn't that work?

Thus, it would be a bad idea to run a server with your personal
~/.gnupg/trustdb.gpg, and you would rather create a separate
trustdb.gpg for the GnuTLS server.

However, I'm not really familiar with these aspects of OpenPGP/GnuPG.
It strikes me as a bad idea to rely on GnuPG-specific files (which is
what we are doing, or?) so if it is possible to have a text file with
OpenPGP key identifiers in it that the server should trust, that seems
like a better choice. Is there any other information in the trustdb
that GnuTLS/OpenCDK needs?

Sorry for not being that familiar with this code and the design...
I'm trying to think about it conceptually.

/Simon
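
The text-file idea from the message above, as an added example that is not part of the original message and is not GnuTLS or OpenCDK code: a server-side lookup against a plain list of trusted keys. The file format (one 40-hex-digit v4 fingerprint per line, `#` comments), the function names and the sample fingerprints are assumptions made for illustration; the lookup accepts only full fingerprints, not short key IDs, and rejects on any malformed entry.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define FPR_HEX 40 /* v4 fingerprint: 20 bytes written as 40 hex digits */

/* Constructed sample file (hypothetical format): one fingerprint per line. */
static const char SAMPLE_TRUSTFILE[] =
    "# keys this server accepts\n"
    "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567  # constructed\n"
    "aaaaaaaaaa aaaaaaaaaa aaaaaaaaaa aaaaaaaaaa\n";

/* Upper-case the hex digits of src[0..n), ignoring blanks; -1 unless exactly 40. */
static int normalize_fpr(const char *src, size_t n, char out[FPR_HEX + 1])
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == ' ' || c == '\t' || c == '\r') continue;
        if (!isxdigit(c) || k == FPR_HEX) return -1;
        out[k++] = (char)toupper(c);
    }
    out[k] = '\0';
    return k == FPR_HEX ? 0 : -1;
}

/* 1 = listed, 0 = not listed, -1 = malformed input (caller treats as reject). */
int trustfile_lookup(const char *text, const char *peer_fpr)
{
    char want[FPR_HEX + 1], have[FPR_HEX + 1];
    int found = 0;
    if (normalize_fpr(peer_fpr, strlen(peer_fpr), want) != 0) return -1;
    while (*text) {
        size_t len = strcspn(text, "\n"), body = len;
        const char *hash = memchr(text, '#', len);
        if (hash) body = (size_t)(hash - text);   /* drop trailing comment */
        if (strspn(text, " \t\r") < body) {       /* not blank or comment-only */
            if (normalize_fpr(text, body, have) != 0) return -1; /* fail closed */
            found |= memcmp(want, have, FPR_HEX) == 0;
        }
        text += len + (text[len] == '\n');
    }
    return found;
}

int main(void)
{
    printf("%d\n", trustfile_lookup(SAMPLE_TRUSTFILE, "0123456789abcdef0123456789abcdef01234567"));
    return 0;
}
```

The scan continues after a match so that a malformed line anywhere in the file still causes a reject.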