Hi, I recently discovered that GnuTLS can use OpenPGP as a certificate, instead of X509, which afaik depends on the CA model…

…yet afaik the fingerprint changes according to the standard (there are like at least 4 versions of it for PGP (still using sha1), and at least one for X509 (afaik still using sha1 too)), so it won’t simplify things to “oh, simply check the fingerprint and if it’s the same as the one I gave you, it’s ok”… Anyway, it wouldn’t work because, since I don’t want to store my master private key on my server, I prefer to “ultimate” sign another keypair and put it on my server…

So my question is: what does “openpgp support” (as cited there: http://gnutls.org/openpgp.html and there http://gnutls.org/) mean? Only that the dh parameters will get signed by a privkey with the same parameters? Or only that gnutls will call gpg to sign a different x509 cert with the specified key (at this point I could already do that manually)? Then what automation/commodity does it bring? Does it only say “that cert is secure” if it is signed by someone you trust/you certified according to GPG/GNS/whatever?

_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
