OpenPGP Authentication Protocol?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Dec 23 22:31:01 CET 2012


On 12/23/2012 01:23 PM, Hauke Laging wrote:
> On Sun 23.12.2012, 12:01:25, Nicholas Cole wrote:
> 
>> Is there a protocol documented anywhere for using PGP Keys for client-server 
>> authentications?
> 
> SSH? :-)

the ssh specification declares the use of pgp-style certificates:

  https://tools.ietf.org/html/rfc4253#section-6.6

but does little to indicate how peers should consider them for
authentication purposes.  the majority of OpenPGP-verified ssh
connections in use on the net today are probably using raw keys on the
wire, but certifying them out-of-band via tools like the Monkeysphere.

RFC 6091 documents a mechanism for using OpenPGP certificates as peer
endpoints for a TLS session.

  http://tools.ietf.org/html/rfc6091

But similarly to the ssh situation, it may be simpler to pass "dummy"
public key placeholders (e.g. those that are well-formed X.509
certificates) and do the conversion to OpenPGP certificates on the
backend/out of band.

	--dkg
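
An added example, not part of the original message and not Monkeysphere's code: the "raw keys on the wire, certified out-of-band" model sketched in Python, mapping an OpenPGP RSA public key packet to the ssh-rsa key blob of RFC 4253 section 6.6 and comparing it with the key a peer offers. All function names are hypothetical, the toy key is constructed, only old-format v4 RSA packets are handled, and validating the OpenPGP certificate itself is assumed to have happened elsewhere.

```python
import struct

def read_mpi(buf, off):
    """OpenPGP MPI (RFC 4880, 3.2): 2-byte bit count, then big-endian bytes."""
    (bits,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI")
    return int.from_bytes(buf[off + 2:end], "big"), end

def ssh_string(data):
    """SSH string (RFC 4251, 5): 4-byte length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value):
    """SSH mpint: minimal big-endian, leading zero byte if the top bit is set."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big") if value else b"")

def openpgp_rsa_to_ssh_blob(packet):
    """Map an old-format v4 RSA public (sub)key packet to an ssh-rsa key blob."""
    if len(packet) < 3 or packet[0] not in (0x99, 0xB9):  # tag 6 or 14, 2-byte length
        raise ValueError("unsupported packet header")
    (length,) = struct.unpack_from(">H", packet, 1)
    body = packet[3:3 + length]
    if length < 6 or len(body) != length or body[0] != 4 or body[5] != 1:  # v4, algo 1 = RSA
        raise ValueError("not a complete v4 RSA key packet")
    n, off = read_mpi(body, 6)    # OpenPGP order: modulus, then exponent
    e, off = read_mpi(body, off)
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)  # SSH order: e, then n

def wire_key_is_certified(wire_blob, validated_packets):
    """True if the raw key offered on the wire equals a key taken from an
    OpenPGP certificate whose validity was established out of band."""
    return any(wire_blob == openpgp_rsa_to_ssh_blob(p) for p in validated_packets)

def make_sample_packet(n, e):
    """Constructed test input: a v4 RSA public key packet with creation time 0."""
    def mpi(x):
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    body = b"\x04" + struct.pack(">I", 0) + b"\x01" + mpi(n) + mpi(e)
    return b"\x99" + struct.pack(">H", len(body)) + body

# Constructed toy values, far too small to be a real key.
SAMPLE_PACKET = make_sample_packet(0xF123456789ABCDEF, 65537)

if __name__ == "__main__":
    offered = openpgp_rsa_to_ssh_blob(SAMPLE_PACKET)
    print(wire_key_is_certified(offered, [SAMPLE_PACKET]))                 # matching key
    print(wire_key_is_certified(offered[:-1] + b"\x00", [SAMPLE_PACKET]))  # altered key
```

The comparison only binds the wire key to key material; whether the certificate carrying that key is acceptable for the peer's identity remains the out-of-band decision.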


