[Help-gnutls] Re: Semantics of `gnutls_openpgp_key_check_hostname ()'

Simon Josefsson simon at josefsson.org
Wed Apr 11 15:30:11 CEST 2007


ludo at chbouib.org (Ludovic Courtès) writes:

> Hi,
>
> Currently, `gnutls_openpgp_key_check_hostname ()' will only return true
> if one of the key's names matches _exactly_ HOSTNAME.  Since key names
> are not supposed to be host names but rather RFC822 strings, this is of
> little use.
>
> Perhaps it should rather check whether the email part of one of the key
> names matches HOSTNAME?

I'm not sure... it is pretty important that name checks are well
defined.  As I recall, there are no clear requirements on what key
names should be in the standard, or is there?

How do this cause problems?  Perhaps we can solve it by simply
improving documentation to make it clear that you'll have to generate
a OpenPGP key with a name matching exactly the server's.  Adding
better warnings to gnutls-cli/gnutls-serv when this isn't true might
help too.

/Simon





More information about the Gnutls-help mailing list