[gnutls-help] OpenPGP instead of X509: what kind of (sub)key?
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Sep 5 18:35:31 CEST 2016
On Mon, 2016-09-05 at 18:19 +0200, Garreau, Alexandre wrote:
> > It directly uses openpgp certificates and keys for signatures.
> So… if I run gnutls-server somewhere, and connect to it with
> gnutls-client… the fingerprints I will see are those of the opengpg
> masterkey? or of the signing subkey? or is it possible to use a
> subkey
> for this usage? what features/“usages” should have a openpgp cert
> used
> by GnuTLS? “sign”? “certificate”? can I use the new GnuPG
> Curves25519?
>
> Or if I consider WoT doesn’t work enough [1], can I make so the key
> of
> each person I know is “allowed” to certificate only keys owned by
> this
> same very person (without having to “trust” everybody on everybody)?
> [1]
> https://lists.torproject.org/pipermail/tor-talk/2013-September/030235
> .html
If you are developing a new application, I'd simply suggest to ignore
this API and pretend it doesn't exist. It will go away.
regards,
Nikos
More information about the Gnutls-help
mailing list