On 12/23/2012 01:23 PM, Hauke Laging wrote:
> On Sun 23.12.2012, 12:01:25, Nicholas Cole wrote:
>
>> Is there a protocol documented anywhere for using PGP Keys for client-server
>> authentications?
>
> SSH? :-)

the ssh specification declares the use of pgp-style certificates:

https://tools.ietf.org/html/rfc4253#section-6.6

but does little to indicate how peers should consider them for authentication purposes. the majority of OpenPGP-verified ssh connections in use on the net today are probably using raw keys on the wire, but certifying them out-of-band via tools like the Monkeysphere.

RFC 6091 documents a mechanism for using OpenPGP certificates as peer endpoints for a TLS session.

http://tools.ietf.org/html/rfc6091

But similarly to the ssh situation, it may be simpler to pass "dummy" public key placeholders (e.g. those that are well-formed X.509 certificates) and do the conversion to OpenPGP certificates on the backend/out of band.

--dkg
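
The "raw keys on the wire, certified out-of-band" approach mentioned in the reply above, as an added example that is not part of the original thread and is not Monkeysphere's code: it re-encodes the RSA key material of an OpenPGP certificate as an `ssh-rsa` blob and compares it with the key a server presented. It assumes the certificate's validity was already established by an OpenPGP implementation; all function names and the toy key values are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def read_openpgp_mpi(buf, off):
    """Read one OpenPGP MPI (RFC 4880, 3.2): 2-byte bit count, then big-endian bytes."""
    if off + 2 > len(buf):
        raise ValueError("truncated MPI header")
    (bits,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI body")
    value = int.from_bytes(buf[off + 2:end], "big")
    if value.bit_length() != bits:
        raise ValueError("MPI bit count does not match value")
    return value, end

def ssh_string(b):
    return struct.pack(">I", len(b)) + b

def ssh_mpint(v):
    # RFC 4251 mpint is two's complement: pad with 0x00 when the top bit is set.
    return ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big") if v else b"")

def openpgp_rsa_to_ssh_blob(material):
    """OpenPGP stores (n, e); the ssh-rsa key blob carries (e, n)."""
    n, off = read_openpgp_mpi(material, 0)
    e, off = read_openpgp_mpi(material, off)
    if off != len(material):
        raise ValueError("trailing bytes after RSA public key material")
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def ssh_fingerprint(blob):
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).rstrip(b"=").decode()

def host_key_matches(certified_material, presented_blob):
    """True only if the presented SSH key is the key the certificate binds."""
    expected = openpgp_rsa_to_ssh_blob(certified_material)
    return hmac.compare_digest(expected, presented_blob)

def _mpi(v):  # helper used only to build the constructed sample below
    return struct.pack(">H", v.bit_length()) + v.to_bytes((v.bit_length() + 7) // 8, "big")

# Constructed toy values (far too small for a real key).
TOY_N, TOY_E = 0xC7A155F39B0D4E21, 65537
CERTIFIED = _mpi(TOY_N) + _mpi(TOY_E)
PRESENTED = bytes.fromhex("00000007" "7373682d727361" "00000003" "010001"
                          "00000009" "00c7a155f39b0d4e21")

if __name__ == "__main__":
    print(ssh_fingerprint(PRESENTED), host_key_matches(CERTIFIED, PRESENTED))
```
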
