[svn] GnuPG - r4045 - trunk

svn author dshaw cvs at cvs.gnupg.org
Wed Mar 8 03:36:37 CET 2006 

Author: dshaw
Date: 2006-03-08 03:36:37 +0100 (Wed, 08 Mar 2006)
New Revision: 4045

Modified:
   trunk/ChangeLog
   trunk/NEWS
Log:
* NEWS: Note CERT retrieval.  Tweak PKA and backsig language to match
current code.


Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2006-03-07 22:44:23 UTC (rev 4044)
+++ trunk/ChangeLog	2006-03-08 02:36:37 UTC (rev 4045)
@@ -1,5 +1,8 @@
 2006-03-07  David Shaw  <dshaw at jabberwocky.com>
 
+	* NEWS: Note CERT retrieval.  Tweak PKA and backsig language to
+	match current code.
+
 	* NEWS: Note --auto-key-locate and that keyservers can handle
 	binary data now.
 

Modified: trunk/NEWS
===================================================================
--- trunk/NEWS	2006-03-07 22:44:23 UTC (rev 4044)
+++ trunk/NEWS	2006-03-08 02:36:37 UTC (rev 4045)
@@ -11,14 +11,11 @@
       Note also that a future version of GnuPG will remove the old
       keyserver helpers altogether.
 
-    * Implemented Public Key Association (PKA) trust sub model.  This
-      is an optional trust model on top of the standard ones.  It make
-      use of special DNS records and notation data to associate a mail
-      address with an OpenPGP key. It is by default not used.  To use
-      it you need to set the new option --allow-pka-lookup and an
-      appropriate trust-model.  Also added new keyserver option
-      auto-pka-retrieve which is enabled by default but only working
-      if --allow-pka-lookup is also used.
+    * Implemented Public Key Association (PKA) signature verification.
+      This uses special DNS records and notation data to associate a
+      mail address with an OpenPGP key to prove that mail coming from
+      that address is legitimate without the need for a full trust
+      path to the signing key.
 
     * When exporting subkeys, those specified with a key ID or
       fingerpint and the '!' suffix are now merged into one keyblock.
@@ -26,12 +23,12 @@
     * Added "gpg-zip", a program to create encrypted archives that can
       interoperate with PGP Zip.
 
-    * Added support for signing subkey "back signatures".  Requiring
-      back signatures to be present is currently off by default, but
-      will be changed to on by default in the future, once more keys
-      contain the back signature.  A new "backsign" command in the
-      --edit-key menu can be used to update signing subkeys with back
-      signatures.
+    * Added support for signing subkey cross-certification "back
+      signatures".  Requiring cross-certification to be present is
+      currently off by default, but will be changed to on by default
+      in the future, once more keys use it.  A new "cross-certify"
+      command in the --edit-key menu can be used to update signing
+      subkeys to have cross-certification.
 
     * The key cleaning options for --import-options and
       --export-options have been further polished.  "import-clean" and
@@ -67,7 +64,10 @@
       currently defined keyserver), as well as arbitrary keyserver
       URIs that will be contacted for the key.
 
+    * Able to retrieve keys using DNS CERT records as per RFC-2538bis
+      (currently in draft): http://www.josefsson.org/rfc2538bis
 
+
 Noteworthy changes in version 1.4.2 (2005-07-26)
 ------------------------------------------------

More information about the Gnupg-commits mailing list