[Help-gnutls] Re: TLS/OpenPGP draft expiring soon

Simon Josefsson simon at josefsson.org
Tue Jan 16 19:14:41 CET 2007

Daniel Kahn Gillmor <dkg-debian.org at fifthhorseman.net> writes:

> At 2007-01-16 14:54, ludovic.courtes at laas.fr said:
>> I just noticed that the proposal to extend TLS to support OpenPGP
>> certificates written by Nikos Mavrogiannopoulos expires on February 1st:
>>   http://www.ietf.org/internet-drafts/draft-ietf-tls-openpgp-keys-11.txt
>> Are there any news regarding this?
> I would also like to know about this.  I think this draft is
> important, and would love to see it get wider attention.  I've written
> an article about TLS certificate authentication that ended up pretty
> strongly in favor of the OpenPGP certificate model:
>  http://www.debian-administration.org/users/dkg/weblog/12


Btw, the TLS servername extension (see RFC 3546) is intended to solve
the first problem you noticed, that servers cannot offer multiple
X.509 certificates.

> For those of us who are interested in promoting this model, what are
> possible courses of action to help out?

Work on mod_gnutls for Apache.  It should not have to be a big
project, but it is a good way to get this feature into Apache.

Also, testing and improving the OpenPGP parts of GnuTLS would be
useful.  In particular, OpenCDK isn't really in the shape that I'd
like to see it in.  Funding someone to work on that (I'm available :))
would be one way.


More information about the Gnutls-help mailing list