supporting out-of-process certificate validation

Simon Josefsson simon at
Wed Nov 12 09:27:56 CET 2008

Daniel Kahn Gillmor <dkg at> writes:

> On Tue 2008-11-11 10:51:45 -0500, Simon Josefsson wrote:
>> Generally, I don't think X.509 validation belongs in the same
>> process as a TLS client or server -- it is complex and mistakes will
>> happen, it is better to put all X.509 handling (including private
>> key handling) in a separate process.
> This sounds like a good thing to me.  Do we have a clear API or
> inter-process protocol for these functions?

This sounds like a good idea to flesh out on our wiki; I've created a
starting pointer:

> I quite like (and use daily) OpenSSH's ssh-agent model for
> out-of-process handling of private keys [0].  I'd love to see that
> used (or extended if the data types are incompatible) to be able to
> work with TLS connections.  Then a single backend agent could be used
> for both SSH and TLS connections.

I like this model too.

> I'd be very interested in helping to flesh out what communications
> primitives this kind of a spec should involve, particularly if it
> allows people to substitute different validation models depending on
> personal preference, and to share validation models across
> applications.
> If anyone else is working on such a spec, I'd love to hear about it.

Let's start discussing it.

I think we can share many ideas and even code from GnuPG 2.x, so it
would be useful if people familiar with that code helped us here.  (Hi
Werner. :))

