[gnutls-devel] openpgp removal

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Sun Jan 15 11:10:30 CET 2017

On Sat, Jan 14, 2017 at 6:14 PM, Ludovic Courtès <ludo at gnu.org> wrote:
>> After considering the quality of the OpenPGP support in gnutls, I've
>> decided to speed up the OpenPGP deprecation originally planned in [0].
>> I've marked all functions as deprecated and modified the manual to
>> list the reasons the openpgp certificate support should not be used in
>> [1]. However, there are some references to OpenPGP in the Guile manual
>> as well. Is it ok to remove them?
> Yes, sure.
> I’m disappointed to see OpenPGP support go away, because that’s one of
> the things that brought me into GnuTLS back in the day, but I can
> understand your concerns as a maintainer.

I think it is time to admit that OpenPGP authentication for TLS led
nowhere. Although I initially expected to improve web applications,
and even more custom applications by providing a simpler verification
of trust, neither of these categories benefited in practice. The web
of trust push by pgp/gpg proved to be too complex to deploy on the
scale of the Internet. When OpenPGP certificates were used with gnutls
they were used only as an alternative format for certificates, which
was neither simpler nor better than X.509.

