From ueno at gnu.org  Wed Mar  9 08:45:27 2022
From: ueno at gnu.org (Daiki Ueno)
Date: Wed, 09 Mar 2022 08:45:27 +0100
Subject: [gnutls-help] gnutls 3.7.4 and more frequent releases
Message-ID: <87tuc7sh60.fsf-ueno@gnu.org>

Hello,

During the last year we were a bit silent in terms of new releases,
though each release had a handful of features.  For a quicker turnaround
in testing, we aim to make releases more often in this year (the current
plan is bi-monthly).

The next release (3.7.4) is scheduled around March 15, and my colleague
Zoltan will be taking care of the release management.

The milestone is maintained at:
https://gitlab.com/gnutls/gnutls/-/milestones/33#tab-issues
Feel free to bring up any issues that we should fix in this release.

Also I would appreciate if anyone is willing to volunteer for the future
releases :-)

Regards,
-- 
Daiki Ueno


From zfridric at redhat.com  Thu Mar 17 17:31:09 2022
From: zfridric at redhat.com (Zoltan Fridrich)
Date: Thu, 17 Mar 2022 17:31:09 +0100
Subject: [gnutls-help] gnutls 3.7.4
Message-ID: <CAEtiQYm1iZy17xTqSiHW+kfiHJ8O=b_o15LxA-mCCDqjfXtu7Q@mail.gmail.com>

Hello,

We have just released gnutls-3.7.4. This is a bug fix and enhancement
release on the 3.7.x branch.

We would like to thank everyone who contributed in this release:
Alexander Sosedkin, Andreas Metzler, Craig, Daiki Ueno, Dimitris Apostolou,
ePirat, Franti?ek Kren?elok, Jan Palus, Seppo Yli-Olli, Tobias Heider and
Zoltan Fridrich.

The detailed list of changes follows:

* Version 3.7.4 (released 2022-03-17)

** libgnutls: Added support for certificate compression as defined in
RFC8879.

** certtool: Added option --compress-cert that allows users to specify
compression   methods for certificate compression.** libgnutls: GnuTLS
can now be compiled with --enable-strict-x509 configure   option to
enforce stricter certificate sanity checks that are compliant   with
RFC5280.** libgnutls: Removed IA5String type from DirectoryString
within issuer   and subject name to make DirectoryString RFC5280
compliant.** libgnutls: Added function to retrieve the name of the
current ciphersuite   from session (#1291).
** API and ABI modifications:GNUTLS_COMP_BROTLI: New
gnutls_compression_method_t enum memberGNUTLS_COMP_ZSTD: New
gnutls_compression_method_t enum
membergnutls_compress_certificate_get_selected_method:
Addedgnutls_compress_certificate_set_methods: Added

Getting the Software
================
GnuTLS may be downloaded directly from
https://www.gnupg.org/ftp/gcrypt/
A list of GnuTLS mirrors can be found athttp://www.gnutls.org/download.html

Here are the XZ compressed sources:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz

Here are OpenPGP detached signatures signed using key:
5D46CB0F763405A7053556F47A75A648B3F9220Chttps://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.4.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   ed25519 2021-12-23 [SC] [expires: 2023-12-23]
         5D46CB0F763405A7053556F47A75A648B3F9220C
uid           [ultimate] Zoltan Fridrich <zfridric at redhat.com>
sub   cv25519 2021-12-23 [E] [expires: 2023-12-23]

and Daiki Uenos openpgp key:
pub   rsa4096 2009-07-23 [SC] [expires: 2023-09-25]
      462225C3B46F34879FC8496CD605848ED7E69871
uid           [ultimate] Daiki Ueno <ueno at unixuser.org
<http://lists.gnupg.org/mailman/listinfo/gnutls-help>>
uid           [ultimate] Daiki Ueno <ueno at gnu.org
<http://lists.gnupg.org/mailman/listinfo/gnutls-help>>
sub   rsa4096 2010-02-04 [E]


Regards,
Zoltan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20220317/40da63f6/attachment.html>

From nicolas at babelouest.org  Sat Mar 19 16:55:02 2022
From: nicolas at babelouest.org (Nicolas Mora)
Date: Sat, 19 Mar 2022 11:55:02 -0400
Subject: [gnutls-help] gnutls 3.7.4 and more frequent releases
In-Reply-To: <87tuc7sh60.fsf-ueno@gnu.org>
References: <87tuc7sh60.fsf-ueno@gnu.org>
Message-ID: <930027e7-39bf-17bb-f92d-17781e5ebb34@babelouest.org>

Hello,

Le 2022-03-09 ? 02 h 45, Daiki Ueno a ?crit?:
> 
> Also I would appreciate if anyone is willing to volunteer for the future
> releases :-)
> 
I'd like to help with the future releases.

I have a pending MR (gnutls_ecdh_compute_key) which is currently on hold 
[1]. I was asking for help to use internal functions [2].

I also have made 2 MRs in Nettle library, one for AES keywrap [3], which 
has been merged and should be in a future release, the other one for RSA 
OAEP [4], which hasn't been merged yet.

When those last 2 will be available in Nettle, I can make MRs to add AES 
keywrap and RSA OAEP in GnuTLS too.

I'd like those functionalities in GnuTLS so GnuTLS would support all key 
management algorithm in the JOSE standard [5].

Besides that, I can help with other needs the library would have, not 
only the one I want :-)

/Nicolas

[1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1395
[2] https://gitlab.com/gnutls/gnutls/-/merge_requests/1395#note_748478374
[3] https://git.lysator.liu.se/nettle/nettle/-/merge_requests/19
[4] https://git.lysator.liu.se/nettle/nettle/-/merge_requests/20
[5] https://datatracker.ietf.org/doc/html/rfc7518#section-4


From Massimo.Miletto at gru.bitron-ind.com  Mon Mar 21 07:47:00 2022
From: Massimo.Miletto at gru.bitron-ind.com (Miletto Massimo)
Date: Mon, 21 Mar 2022 06:47:00 +0000
Subject: [gnutls-help] Remove from the mailing list
Message-ID: <0cc6666fbb9d493c82f9abf4ae85447f@gru.bitron-ind.com>

CONFIDENTIALITY |Internal | Confidential | Restricted |

Hello,

Can you remove my email (Massimo.miletto at gru.bitron-ind.com<mailto:Massimo.miletto at gru.bitron-ind.com>) from the mailing list?

Thanks
Massimo Miletto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20220321/9b47d463/attachment.html>

From ueno at gnu.org  Mon Mar 21 15:16:05 2022
From: ueno at gnu.org (Daiki Ueno)
Date: Mon, 21 Mar 2022 15:16:05 +0100
Subject: [gnutls-help] gnutls 3.7.4 and more frequent releases
In-Reply-To: <930027e7-39bf-17bb-f92d-17781e5ebb34@babelouest.org> (Nicolas
 Mora's message of "Sat, 19 Mar 2022 11:55:02 -0400")
References: <87tuc7sh60.fsf-ueno@gnu.org>
 <930027e7-39bf-17bb-f92d-17781e5ebb34@babelouest.org>
Message-ID: <87tubr2xy2.fsf-ueno@gnu.org>

Hello Nicolas,

Nicolas Mora <nicolas at babelouest.org> writes:

> Le 2022-03-09 ? 02 h 45, Daiki Ueno a ?crit?:
>> Also I would appreciate if anyone is willing to volunteer for the
>> future
>> releases :-)
>> 
> I'd like to help with the future releases.

Thank you; that would be great!

> I have a pending MR (gnutls_ecdh_compute_key) which is currently on
> hold [1]. I was asking for help to use internal functions [2].

Sorry for the inactivity on the MR; let me give it back to you soon.

> I also have made 2 MRs in Nettle library, one for AES keywrap [3],
> which has been merged and should be in a future release, the other one
> for RSA OAEP [4], which hasn't been merged yet.
>
> When those last 2 will be available in Nettle, I can make MRs to add
> AES keywrap and RSA OAEP in GnuTLS too.

I think these are becoming more relevant in terms of FIPS, given the
sunset of PKCS#1 padding usage (in particular for key wrapping).

> I'd like those functionalities in GnuTLS so GnuTLS would support all
> key management algorithm in the JOSE standard [5].
>
> Besides that, I can help with other needs the library would have, not
> only the one I want :-)

I have recently started a wiki page to collect non-trivial project ideas:
https://gitlab.com/gnutls/gnutls/-/wikis/Projects-for-newcomers

Feel free to add any other ideas there :-)

Regards,
-- 
Daiki Ueno


From nicolas at babelouest.org  Tue Mar 22 01:24:06 2022
From: nicolas at babelouest.org (Nicolas Mora)
Date: Mon, 21 Mar 2022 20:24:06 -0400
Subject: [gnutls-help] gnutls 3.7.4 and more frequent releases
In-Reply-To: <87tubr2xy2.fsf-ueno@gnu.org>
References: <87tuc7sh60.fsf-ueno@gnu.org>
 <930027e7-39bf-17bb-f92d-17781e5ebb34@babelouest.org>
 <87tubr2xy2.fsf-ueno@gnu.org>
Message-ID: <ad2fc3e5-85f1-627d-05cc-2f5e090eb67e@babelouest.org>

Hello,

Le 2022-03-21 ? 10 h 16, Daiki Ueno a ?crit?:

>> I have a pending MR (gnutls_ecdh_compute_key) which is currently on
>> hold [1]. I was asking for help to use internal functions [2].
> 
> Sorry for the inactivity on the MR; let me give it back to you soon.
> 
Thanks!

>> When those last 2 will be available in Nettle, I can make MRs to add
>> AES keywrap and RSA OAEP in GnuTLS too.
> 
> I think these are becoming more relevant in terms of FIPS, given the
> sunset of PKCS#1 padding usage (in particular for key wrapping).
> 
I don't know what "sunset of PKCS#1 padding usage" means, but if it 
leads to having all the JWA available in GnuTLS, I'm up for it! :-)

This also raises a question about FIPS, the ES256k (Digital Signature 
with secp256k1 Curve Key) is not present in GnuTLS, I don't remember 
where I saw that, but I recall it's because secp256k1 curve isn't 
available in the FIPS standards.
Is that so?

> 
> I have recently started a wiki page to collect non-trivial project ideas:
> https://gitlab.com/gnutls/gnutls/-/wikis/Projects-for-newcomers
> 
> Feel free to add any other ideas there :-)
> 
Thanks, I'm not an expert in cryptographic algorithms and standard, but 
if I have other ideas, I'll add to this wiki!

/Nicolas