[Help-gnutls] Re: OpenPGP certificate verification for TLS connections
ludovic.courtes at laas.fr
Thu Apr 19 10:17:30 CEST 2007
Daniel Kahn Gillmor <dkg-debian.org at fifthhorseman.net> writes:
> On Wed 2007-04-18 03:34:29 -0400, Ludovic Courtès wrote:
>> That's probably a useful usage pattern. The problem that I see is
>> that it would be non-standard,
> I'm not convinced that using User IDs for authorization is
> In short, the client *authenticates* with her certificate, and the
> server *authorizes* against her User ID.
Right, but that's X.509. ;-) By "non-standard", I meant that it is not
currently standardized, e.g., by RFC 2440.
> By analogy with OpenSSL (which contains significant infrastructure for
> managing X.509 certificate hierarchy trust), I would suggest that it
> is not outside the scope of GnuTLS to implement a well-thought-out
> scheme for trust checking when using OpenPGP certificates.
Sure, but the first step would probably be to try and standardize this
practice through an RFC.