[Help-gnutls] Re: OpenPGP certificate verification for TLS connections

Daniel Kahn Gillmor dkg-debian.org at fifthhorseman.net
Tue Apr 17 22:03:58 CEST 2007

On Tue 2007-04-17 15:12:01 -0400, Matthias Urlichs wrote:

> Good example, that. I do NOT want to ask my user "is that really the
> key of the host you want to talk to?" questions. In a large system,
> that's pointless, especially as you're really not supposed to give
> the same key to multiple hosts. Does any of you ever check that
> fingerprint against the original?

i check the fingerprints! (but i know i'm in the minority...)

What i'd really prefer is to have my ssh servers offer GPG keys,
though.  When i set up the server, i'd create the key with a UID (or
UIDs) relevant to the hostname(s) used by that host.  Then i'd sign
the key/uid combination with my "server administrator" key.

My ssh client would know to trust the server administrator key to
identify hosts properly, and would be able to verify everything
automatically, with no manual fingerprint checking or shunting
/etc/ssh/sshd_host_rsa_key.pub over a serial line or sneakernet or

This (openssh) is perhaps a little off-topic for the GnuTLS list, but
i think it illustrates a common use case for TLS connections.

> So what I *really* want is a host key that's signed by the systems'
> admin key, and I want to tell my users, or rather my default user
> setup, "if you see a host key that's signed by _that_ key here, and
> if you're connecting to hosts in _these_ domains, maybe print a nice
> info the first time you see it in an interactive session, but
> otherwise assume it's OK".

i'd agree with this, except i'd say "if you see a host key *bound to
the expected User ID* signed by _that_ key..."

This is because the client should be checking not just that the key is
signed by a trusted authority, but that the authority claims it
belongs to the entity the client is connecting to.

It does raise an interesting question of whether the web-of-trust
should be able to accommodate "only trust key X signatures when they're
bound to User IDs of the following form".  This would let you say, for
example, "i trust dkg to identify people/servers within the
fifthhorseman.net domain, but i'd rather not trust his identifications
of anyone else."

Is there a way to represent something like that in the current
web-of-trust architecture?
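
The client-side check discussed in this message (trusted signer, signature bound to the expected User ID, signer trusted only for certain domains), sketched as an added example that is not part of the original post and is not GnuTLS, GnuPG or OpenSSH code. It assumes the certifications were already verified cryptographically, that a host's User ID is its bare hostname (a hypothetical convention), and that the fingerprint strings are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Certification:
    """One already-verified signature over a (host key, User ID) pair."""
    signer_fpr: str  # fingerprint of the key that made the certification
    user_id: str     # User ID the certification is bound to

def _norm(name):
    # Hostnames compare case-insensitively; drop a trailing root dot.
    return name.strip().rstrip(".").lower()

def in_scope(host, domain):
    # Match on whole DNS labels so "evilfifthhorseman.net" is not
    # treated as being inside "fifthhorseman.net".
    host, domain = _norm(host), _norm(domain)
    return host == domain or host.endswith("." + domain)

def host_key_acceptable(expected_host, certs, scoped_trust):
    """Accept the host key only if some certification satisfies all three:
    1. it was made by a key the client trusts to identify hosts,
    2. it is bound to the User ID of the host being connected to,
    3. that host lies in a domain the signer is trusted for.
    scoped_trust maps signer fingerprint -> list of permitted domains."""
    want = _norm(expected_host)
    for cert in certs:
        domains = scoped_trust.get(cert.signer_fpr)
        if domains is None:
            continue  # signed, but not by a trusted authority
        if _norm(cert.user_id) != want:
            continue  # trusted signer, but the key is bound to another identity
        if any(in_scope(want, d) for d in domains):
            return True
    return False

# Constructed sample data (placeholders, not real fingerprints).
ADMIN_FPR = "PLACEHOLDER-ADMIN-FPR"
OTHER_FPR = "PLACEHOLDER-OTHER-FPR"
TRUST = {ADMIN_FPR: ["fifthhorseman.net"]}

if __name__ == "__main__":
    certs = [Certification(ADMIN_FPR, "shell.fifthhorseman.net")]
    for host in ("shell.fifthhorseman.net", "mail.fifthhorseman.net"):
        print(host, host_key_acceptable(host, certs, TRUST))
```

The second lookup fails even though the signer is trusted, because the certification is bound to a different User ID than the host being contacted.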
