On 02/25/2013 11:28 PM, Doug Barton wrote: > lots, this one for example: > > https://help.ubuntu.com/community/GnuTLS
hmm, i don't use ubuntu myself, but i believe that documentation is wrong, particularly this section: https://help.ubuntu.com/community/GnuTLS#Deploying_the_Certificates That page also seems to loosely imply that secret keys and X.509 certificates generated by one implementation (GnuTLS's certtool) won't be interoperable with other implementations (e.g. OpenSSL). I don't think this is the case, and if it is, i would hope it would be reported as a bug. this is pretty off-topic for gnupg-users now, but it would be great if someone who uses ubuntu would fix that page. > So it sounds like what you're saying is that there is no hope for a > system-wide solution for hkps? No, there are multiple system-wide solutions. In the long term, for traditional X.509 certificate verification, curl-gnutls will hopefully be linked against libgnutls28, which will use its system root CAs by default. in the nearer term, you could also use msva-perl with hkpms (if you want to verify remote hosts via the OpenPGP web of trust). and you can also modify /usr/share/gnupg/options.skel to change the default options for new accounts (though i think this won't have an effect on any existing GnuPG homedirs). --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
