"TLS over OpenPGP" sounds a bit strange. I looked at your blog post and it seems that you have implemented RFC 6091, which allows OpenPGP certificates to be used instead of X.509 certificates within the TLS handshake.

I am curious how you use the OpenPGP certificates: do you use them for server-side authentication and, if so, how do you validate the certs?

Ciao
Hannes

PS: You might also be interested to take a look at:
http://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-07

It adds the use of raw public keys.

On 04/23/2013 01:27 PM, Daniele Ricci wrote:
Continuing on this topic - just a short (maybe) off-topic: I recently
implemented OpenPGP over TLS on my project [1], using my patches on
python-gnutls which eventually became a fork [2].

[1] http://blog.casaricci.it/2013/04/24/openpgp-authentication-over-tls
[2] https://gitorious.org/pygnutls

On Thu, Apr 18, 2013 at 6:06 PM, Peter Saint-Andre <[email protected]> wrote:
On Thu, Apr 18, 2013 at 04:21:02PM +0200, Daniele Ricci wrote:
In the meantime: I just wrote Python bindings for GnuTLS OpenPGP
support [1], patch is here: [2]
Next step would be a Twisted endpoint.

[1] http://twistedmatrix.com/trac/ticket/6175#comment:6
[2] http://twistedmatrix.com/trac/attachment/ticket/6175/python-gnutls-1.2.4-gpg.diff

Cool. You might want to ping Ralph Meijer (who is on this list) about
Twisted, since he's the author of Wokkel: http://wokkel.ik.nu/

Peter




