* Magnus Hagander ([EMAIL PROTECTED]) wrote: > Stephen Frost wrote: > > * Martijn van Oosterhout (email@example.com) wrote: > >> On Sat, Dec 30, 2006 at 02:10:42AM -0500, Tom Lane wrote: > >>> Actually, it's *not* feature-complete even yet. > >> What's missing? I don't see anything on the TODO list relating to > >> this. If you wanted a GnuTLS patch that supported more features than > >> the OpenSSL one, you should have said so. Personally I would have > >> added: > >> > >> - authentication using PGP keys > > > > This would be the big feature I think is missing from our current SSL > > support. I don't think it'd be terribly difficult to support with > > either library (I think most of the work would be on the PG user auth > > side, which would be useable by either). > > Wouldn't it be a lot more logical to support authentication with X.509 > certificates rather than PGP keys? Given that SSL already has that at a > protocol level AFAIK? And if you are doing any kind of enterprise > deployment at lesat, you're likely to have the PKI infrastructure to > deal out X.509 already? > > That said, you could do PGP authentication anyway - independent of SSL - > if people wanted it.
Err, brain fart on my side, I was thinking about X.509 certs, actually, not PGP keys. I agree w/ you 100% on this. :) Thanks, Stephen
Description: Digital signature