From nmav at gnutls.org Sat Apr 3 14:28:54 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sat Apr 3 13:23:09 2004
Subject: [gnutls-dev] gnutls 1.0.10
Message-ID: <200404031528.54589.nmav@gnutls.org>

I've just released gnutls 1.0.10. This is a bugfix release.

- Corrected bug in RSA parameters handling which could cause
  unexpected crashes.
- Corrected bug in SSL 3.0 authentication.

--
Nikos Mavroyanopoulos

From atom at suspicious.org Fri Apr 9 02:27:06 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Fri Apr 9 02:24:32 2004
Subject: [gnutls-dev] GnuTLS OpenPGP key support
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

from what i've found, OpenPGP key support is not yet an official part of
the TLS standard. is there any opposition that the TLS WG will take
seriously? i'd guess that verisign/thawte don't want this to happen, but
how much influence do they hold in determining whether or not it becomes a
standard?

any guess when it should be officially part of the TLS protocol?

in the meantime, if i wanted to use this, would i have to do some major
modification to apache and my web browser?

thanks....

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------

"I think this is the worst government the US has ever had in
its more than 200 years of history. It has engaged in
extraordinarily irresponsible policies not only in foreign and
economic but also in social and environmental policy. This is
not normal government policy. Now is the time for people to
engage in civil disobedience."
-- George A. Akerlof, July 2003
2001 Nobel Prize laureate for Economics

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?
- http://atom.smasher.org/links/#digital_signatures

iD8DBQFAde3fnCgLvz19QeMRAhkgAKCcpp7fJ21cHJK/pjrxgMugpnII6gCeMuMf
VpTAFs0OnVUPUKR60G2JDZs=
=5WxS
-----END PGP SIGNATURE-----

From nmav at gnutls.org Fri Apr 9 15:55:11 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Fri Apr 9 14:48:59 2004
Subject: [gnutls-dev] GnuTLS OpenPGP key support
In-Reply-To:
References:
Message-ID: <200404091655.11047.nmav@gnutls.org>

On Friday 09 April 2004 03:27, Atom 'Smasher' wrote:
> from what i've found, OpenPGP key support is not yet an official part of
> the TLS standard. is there any opposition that the TLS WG will take
> seriously?

No, there was no opposition to this draft. The problem was that there
wasn't much interest in the TLS working group, and there is no 2nd
implementation of the draft except for gnutls'.

> i'd guess that verisign/thawte don't want this to happen, but
> how much influence do they hold in determining whether or not it becomes a
> standard?

None. Just don't expect them to vote it to advance it as standard.

> any guess when it should be officially part of the TLS protocol?

I keep resubmitting it now and then. I'll

> in the meantime, if i wanted to use this, would i have to do some major
> modification to apache and my web browser?

Openssl does not support this draft, so it is not possible to use it
with apache. As far as I know the only server that currently supports
it, is "thy" ( http://bonehunter.rulez.org/Thy.phtml )

> thanks....
> ...atom

--
Nikos Mavroyanopoulos

From atom at suspicious.org Fri Apr 9 19:18:13 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Fri Apr 9 19:15:30 2004
Subject: [gnutls-dev] GnuTLS OpenPGP key support
In-Reply-To: <200404091655.11047.nmav@gnutls.org>
References: <200404091655.11047.nmav@gnutls.org>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

is there anything that can be done by interested parties (not involved
with drafting or developing the spec) to encourage the WG to include
openPGP support in the official spec?

a distributed web-of-trust PKI would be a tremendous feature to TLS, not
to mention how much easier it is to generate and manage openPGP keys than
x509 certificates.

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------

"The animals of the world exist for their own reasons.
They were not made for humans any more than black
people were made for white, or women created for men."
-- Alice Walker

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?
- http://atom.smasher.org/links/#digital_signatures

iD8DBQFAdtrZnCgLvz19QeMRAu9rAKCXoy7C2VrY3Z0sWiTHsRCvZmKqIACdGTaB
WGonoA/FS+I+NjdDH1PgW5M=
=tIOt
-----END PGP SIGNATURE-----

From john at neggie.net Fri Apr 9 20:31:59 2004
From: john at neggie.net (John Belmonte)
Date: Fri Apr 9 20:29:22 2004
Subject: [gnutls-dev] GnuTLS OpenPGP key support
In-Reply-To:
References: <200404091655.11047.nmav@gnutls.org>
Message-ID: <4076EC1F.90308@neggie.net>

> is there anything that can be done by interested parties (not involved
> with drafting or developing the spec) to encourage the WG to include
> openPGP support in the official spec?

I bet adding support to Apache would get the ball rolling. Not a
bite-sized task though :-).
-John

--
http:// if ile.org/

From nmav at gnutls.org Sun Apr 11 01:35:39 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sun Apr 11 00:29:57 2004
Subject: [gnutls-dev] GnuTLS OpenPGP key support
In-Reply-To:
References: <200404091655.11047.nmav@gnutls.org>
Message-ID: <200404110235.40117.nmav@gnutls.org>

On Friday 09 April 2004 20:18, Atom 'Smasher' wrote:
> is there anything that can be done by interested parties (not involved
> with drafting or developing the spec) to encourage the WG to include
> openPGP support in the official spec?

Currently it would help having a second implementation of the openpgp
draft.

> ...atom

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Wed Apr 14 16:06:47 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Wed Apr 14 15:00:58 2004
Subject: [gnutls-dev] gnutls 1.1.9
Message-ID: <200404141706.47748.nmav@gnutls.org>

I've just released gnutls 1.1.9. The changes since 1.1.8 are:

- Added support for authority key identifier and the extended key usage
  X.509 extension fields. The certtool was updated to support them.
- The RC2 cipher is no more included. The one in libgcrypt is now used.
- Added batch support to certtool. Now can use templates.

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Sat Apr 17 16:55:28 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sat Apr 17 15:49:40 2004
Subject: [gnutls-dev] gnutls 1.0.11
Message-ID: <200404171755.28154.nmav@gnutls.org>

I've just released gnutls 1.0.11. The changes since 1.0.10 are:

- Added gnutls_sign_algorithm_get_name() and
  gnutls_pk_algorithm_get_name()
- Corrected bug in TLS renegotiation.

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Fri Apr 23 09:02:20 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Fri Apr 23 08:56:26 2004
Subject: [gnutls-dev] gnutls 1.0.12
Message-ID: <200404231002.20511.nmav@gnutls.org>

I've released gnutls 1.0.12. The changes since the last release are:

- Corrected bug in OpenPGP key loading using a callback.
- Renamed gnutls-srpcrypt to srptool
- Allow handshake requests by the client.
* Things backported from the development branch:
- Added support for authority key identifier and the extended key usage
  X.509 extension fields. The certtool was updated to support them.
- Added batch support to certtool. Now it can use templates.
- The RC2 cipher is no more included. The one in libgcrypt is now used.

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Mon Apr 26 11:14:17 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Mon Apr 26 15:33:16 2004
Subject: [gnutls-dev] proftpd + gnutls
Message-ID: <200404261214.17748.nmav@gnutls.org>

In http://members.hellug.gr/nmav/misc/proftpd/ I've put a modified
version of proftpd's mod_tls module that uses gnutls instead of openssl
and includes support for OpenPGP keys and SRP authentication as well.

To use it, you must replace mod_tls.c in proftpd's contrib/ directory
with mod_gnutls.c and enable mod_tls from the configure script.

The next thing in my queue is to modify one of the bsd ftp clients
to support gnutls with SRP and PGP. Unfortunately there seem to be
so many forks of bsd-ftp and all of them seem unmaintained.

--
Nikos Mavroyanopoulos

From jas at extundo.com Mon Apr 26 16:44:28 2004
From: jas at extundo.com (Simon Josefsson)
Date: Mon Apr 26 16:47:41 2004
Subject: [gnutls-dev] Re: proftpd + gnutls
References: <200404261214.17748.nmav@gnutls.org>
Message-ID:

Nikos Mavroyanopoulos writes:

> The next thing in my queue is to modify one of the bsd ftp clients
> to support gnutls with SRP and PGP. Unfortunately there seem to be
> so many forks of bsd-ftp and all of them seem unmaintained.

Perhaps patching the copy in GNU InetUtils would be useful, at least
as far as the GNU project is concerned? Not that I'm sure anyone is
actively maintaining it, either, though...

Regards,
Simon

From nmav at gnutls.org Wed Apr 28 11:03:49 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Wed Apr 28 10:57:36 2004
Subject: [gnutls-dev] gnutls 1.0.12
In-Reply-To: <408F6959.4010700@lunar-linux.org>
References: <408F6959.4010700@lunar-linux.org>
Message-ID: <200404281203.49072.nmav@gnutls.org>

On Wednesday 28 April 2004 11:20, Jerry Lundström wrote:
> | X.509 extension fields. The certtool was updated to support them.
> | - Added batch support to certtool. Now it can use templates.
> | - The RC2 cipher is no more included. The one in libgcrypt is now used.
> Hehe, a little oops on your side there with RC2:
> Making all in lib
> make[2]: Entering directory `/usr/src/gnutls-1.0.12/lib'
> Making all in x509
> make[3]: Entering directory `/usr/src/gnutls-1.0.12/lib/x509'
> make[3]: Nothing to be done for `all'.
> make[3]: Leaving directory `/usr/src/gnutls-1.0.12/lib/x509'
> make[3]: Entering directory `/usr/src/gnutls-1.0.12/lib'
> make[3]: *** No rule to make target `x509/rc2.lo', needed by
> `libgnutls.la'. Stop.
> make[3]: Leaving directory `/usr/src/gnutls-1.0.12/lib'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/usr/src/gnutls-1.0.12/lib'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/usr/src/gnutls-1.0.12'
> make: *** [all] Error 2
> And more problems with cfg in src.

Thank you for reporting this. I've committed a fix in the cvs, and a
fixed version will be out in a few days.

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Thu Apr 29 09:27:59 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Thu Apr 29 09:21:35 2004
Subject: [gnutls-dev] gnutls 1.0.13
Message-ID: <200404291027.59873.nmav@gnutls.org>

gnutls 1.0.13 with the compilation fixes is out. All of the changes are:

- Some compilation fixes.
- Added the --xml parameter to the certtool utility.

--
Nikos Mavroyanopoulos

From nmav at gnutls.org Fri Apr 30 00:47:30 2004
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Fri Apr 30 00:49:09 2004
Subject: [gnutls-dev] ftp + gnutls
Message-ID: <200404300147.30770.nmav@gnutls.org>

In http://members.hellug.gr/nmav/misc/ftp-gnutls/ I've put a modified
ftp-tls (the one by Peter Runestig). It seems to work pretty well with
TLS-SRP.

--
Nikos Mavroyanopoulos

From prox at lunar-linux.org Wed Apr 28 10:17:49 2004
From: prox at lunar-linux.org (Jerry Lundström)
Date: Wed Jun 16 15:29:16 2004
Subject: [gnutls-dev] gnutls 1.0.12
Message-ID: <408F6959.4010700@lunar-linux.org>

| I've released gnutls 1.0.12. The changes since the last release are:
|
| - Corrected bug in OpenPGP key loading using a callback.
| - Renamed gnutls-srpcrypt to srptool
| - Allow handshake requests by the client.
| * Things backported from the development branch:
| - Added support for authority key identifier and the extended key usage
|   X.509 extension fields. The certtool was updated to support them.
| - Added batch support to certtool. Now it can use templates.
| - The RC2 cipher is no more included. The one in libgcrypt is now used.

Hehe, a little oops on your side there with RC2:

Making all in lib
make[2]: Entering directory `/usr/src/gnutls-1.0.12/lib'
Making all in x509
make[3]: Entering directory `/usr/src/gnutls-1.0.12/lib/x509'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory `/usr/src/gnutls-1.0.12/lib/x509'
make[3]: Entering directory `/usr/src/gnutls-1.0.12/lib'
make[3]: *** No rule to make target `x509/rc2.lo', needed by
`libgnutls.la'. Stop.
make[3]: Leaving directory `/usr/src/gnutls-1.0.12/lib'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/src/gnutls-1.0.12/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/gnutls-1.0.12'
make: *** [all] Error 2

And more problems with cfg in src.

Check patches...

//ps.
include me in cc if any .ds//

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: gnutls-1.0.12-compile-error.patch
Url: /pipermail/attachments/20040428/a3fb2cc0/gnutls-1.0.12-compile-error.txt

From mleidy at eiwaz.com Thu Apr 29 18:24:50 2004
From: mleidy at eiwaz.com (Mike Leidy)
Date: Wed Jun 16 15:29:20 2004
Subject: [gnutls-dev] gpg sig
Message-ID: <20040429112735.6deb3c0e.mleidy@eiwaz.com>

Hi.

Where can I find the key to validate the signatures for the sources for
gnutls and opencdk? Key id 45802A91 isn't found on the 4 servers I
usually check, and I don't find it on the website anywhere.

--
Mike Leidy
Eiwaz GNU/Linux