Hi,

Daniel Kahn Gillmor <[EMAIL PROTECTED]> writes:

> On Wed 2007-04-18 03:34:29 -0400, Ludovic Courtès wrote:

[...]

>> That's probably a useful usage pattern.  The problem that I see is
>> that it would be non-standard,
>
> I'm not convinced that using User IDs for authorization is
> non-standard.

[...]

> In short, the client *authenticates* with her certificate, and the
> server *authorizes* against her User ID.

Right, but that's X.509.  ;-)

By "non-standard", I meant that it is not currently standardized, e.g.,
by RFC 2440.

> By analogy with OpenSSL (which contains significant infrastructure for
> managing X.509 certificate hierarchy trust), I would suggest that it
> is not outside the scope of GnuTLS to implement a well-thought-out
> scheme for trust checking when using OpenPGP certificates.

Sure, but the first step would probably be to try and standardize this
practice through an RFC.

Thanks,
Ludovic.

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
