[Help-gnutls] Is gnutls using the shell model or the chain model for a certificate validation

Scott Schaeffner sschaeffner at hotmail.com
Mon Nov 10 07:57:23 CET 2008


Here the message (response to gnu.org #388183) I'd like to post:
>I don't see any clear notes on the page you linked explaining
>specifically what "shell" and "chain" mean in this context.


The power point presentation http://www.bundesnetzagentur.de/media/archive/1894.pps#259 shows the differences concerning the two different validation models.


I furthermore found a note that indicates that in germany the chain model is required (http://www.adobe.com/devnet/acrobat/pdfs/admin_guide.pdf section


I did not have a detailed look into the implementation yet, so I am not
sure if gnutls offers one function for a certificate chain validation
or if you have to implement the verification of the chain on your own
and gnutls only offers the functions for that.



>To be clear, this gpg documentation is in the "GPGSM Options" section,
>so it refers to the X.509 certificates, not OpenPGP certificates,


Well, except for the power point presentation I could not find much
references in the internet concerning the validation models. But my

current assumption is that the models apply to both types of certificates.


Thanks for the infos.




> Subject: Re: [gnu.org #388183] http://lists.gnu.org/archive/html/help-gnutls/2008-11/msg00020.html - response not possible 
> From: webmasters at gnu.org
> To: sschaeffner at hotmail.com
> Date: Fri, 7 Nov 2008 19:17:50 -0500
> Hi Scott,
>     I was trying to respond to the post
>     http://lists.gnu.org/archive/html/help-gnutls/2008-11/msg00020.html
>     and got the following message on http://lists.gnu.org/mp/yyz.py
> Thanks for the report.  I'll tell the sysadmins.
>     and therefore it looks I can not post a response... .
> Please email your response to help-gnutls at gnu.org with 
> Subject: Re: [Help-gnutls] Is gnutls using the shell model or the chain model for a certificate validation
> and it should get through in due course.
> Best,
> karl at gnu.org

News, entertainment and everything you care about at Live.com. Get it now!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20081110/81330258/attachment.htm>

More information about the Gnutls-help mailing list