dirmngr

Bernhard Reiter bernhard@intevation.de
Thu May 15 16:09:02 2003


[It might be that your mail was stuck in moderation quite a while.]


On Thu, May 01, 2003 at 08:48:37PM -0400, Karsten Künne wrote:
> I just posted a small patch for dirmngr in order to fix a loop problem to the
> bugtracker but I forgot to include my email. Here it is again:

Thanks for the patch.  dirmngr-0.4.5 fixes that problem.

> I also would like to know whether there is still some development going on on
> dirmngr?

Currently only very limited bug-fixing is going on.
We welcome any help with bug-fixing, testing or enhancements.

> I'm especially interested in http support for CRL-fetching because
> all of our certs have a "http"-URI as CRL-distributionpoint.

That would be nice to have.
A patch would be welcome.

> I also found out
> that dirmngr takes the DN from a cert literally and tries to look that up in
> ldap which in our case doesn't work because our ldap base is
> "dc=rentec,dc=com" whereas the certs contain "o=rentec,c=us".

But that is a bug in the cert then, isn't it? :)
Dirmngr offers a workaround in additionally trying all the ldapserver
in dirmngr_ldapservers.conf. Just configure your ldap server and base there.

> It also takes
> the famous (or infamous?) "Email" RDN and makes something strange out of it,
> for instance, "Email=ca@rentec.com" becomes
> "email=#63614072656E7465632E636F6D". It would be nice to have some kind of
> (configurable) mapping between certificate DN's and ldap DN's.

If we talk about the same (infamous) E-Mail RDN, then it should
be noted that it is not recommended in current standards, but a hack.
AFAIK the above should be a valid quoting, but Werner would know
for sure. Anyway, new certificates should not use RDN anyway AFAIU.

> Another problem is that dirmngr doesn't use the certs which gpgsm already
> knows.

I thought we had addressed that problem at some place.
Maybe we didn't solve it for all cases.
Certainly a thing to improve then.

> Other than that the aegypten support in kmail works very well.

Thanks!
	Bernhard
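
[Added example, not part of the original mail and not dirmngr code: a small decoder for the "#hex" attribute value quoted above. RFC 2253 defines that form as the hex of the value's BER encoding, so the sketch checks whether the bytes form a tag/length/content triple before falling back to raw bytes. The function names and the second, BER-style sample value are constructed for illustration.]

```python
import binascii


def decode_hex_value(value):
    """Classify and decode an RFC 2253 style '#hex' attribute value.

    Returns (kind, text) where kind is:
      'plain' - value was not in '#hex' form
      'ber'   - bytes are one short-form BER TLV (tag, length, content)
      'raw'   - bytes are not a consistent TLV; decoded as the string itself
    """
    if not value.startswith("#"):
        return ("plain", value)
    data = binascii.unhexlify(value[1:])
    # Short-form BER: byte 0 is the tag, byte 1 the content length (< 0x80),
    # and the length must match the number of remaining bytes exactly.
    if len(data) >= 2 and data[1] < 0x80 and data[1] == len(data) - 2:
        return ("ber", data[2:].decode("latin-1"))
    return ("raw", data.decode("latin-1"))


def readable_rdn(rdn):
    """Split a single 'attr=value' RDN and decode a '#hex' value if present."""
    attr, _, value = rdn.partition("=")
    kind, text = decode_hex_value(value.strip())
    return (attr.strip().lower(), kind, text)


# Value exactly as quoted in the mail above.
FROM_MAIL = "email=#63614072656E7465632E636F6D"
# Constructed for comparison: the same string wrapped as an IA5String
# (tag 0x16, length 0x0D), i.e. what a full BER encoding would look like.
CONSTRUCTED_BER = "email=#160D63614072656E7465632E636F6D"

if __name__ == "__main__":
    for rdn in (FROM_MAIL, CONSTRUCTED_BER, "o=rentec"):
        print(rdn, "->", readable_rdn(rdn))
```

[Run against the value from the mail, the bytes do not parse as a tag/length/content triple and decode directly to the original address, which is useful to know when matching such an RDN against an LDAP directory.]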
