gnutls-devel

Re: OpenPGP Browser Support


From: Daniel Kahn Gillmor
Subject: Re: OpenPGP Browser Support
Date: Thu, 24 Jul 2008 13:10:15 -0400
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)

On Thu 2008-07-24 01:07:44 -0400, Duane wrote:

> I was pleasantly surprised to learn that OpenPGP has been accepted
> as a RFC, however I'm unable to find a browser or plugin for a
> browser that supports this, is anyone able to enlighten me?

I've yet to find one either, unfortunately.  There are two major
fields of work to see this happen successfully:

 * adapt one of the browsers that uses gnutls (epiphany?  galeon?) to
   be able to handle this TLS extension: this includes deciding how to
   store a keyring of trusted identity certifiers.

 * do the UI work necessary in that browser to let users choose how to
   manage their set of trusted identity certifiers.

Some implementation decisions would need to be made:

 * do you want to use/interact with the user's standard GPG keyring
   for any of this?

 * do you want to use the full web-of-trust model, or is a list of
   trusted authorities (similar to the current X.509 model)
   sufficient?

 * how do you plan to match the OpenPGP User IDs to hosts?  Is just
   the name sufficient?  What about alternate ports?  (e.g. is
   "www.example.com" the User ID you'll look for?  or should it be
   "https://www.example.com/"?  Or for alternate ports (e.g. not 443
   for https), should it be "www.example.com:4343"?)  I don't believe
   the RFC actually specifies what must go here (though i'd be happy
   to be shown otherwise).

I'd really love to see this project get underway, but i haven't seen
anyone doing it yet.

       --dkg

Attachment: pgpYtGtVOh0Ut.pgp
Description: PGP signature

