gnutls-devel

[gnutls-dev] On key usage flags


From: Ludovic Courtès
Subject: [gnutls-dev] On key usage flags
Date: Wed, 01 Aug 2007 23:35:19 +0200
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux)

Hi,

Recently, I tried to use OpenPGP-based authentication with the
`RSA_NULL_MD5' cipher suite (i.e., no encryption).  To that end, I
generated (with GnuPG) an RSA OpenPGP key pair, and wrote a test program
that specifies the right kx/cipher/mac priorities.

Unfortunately, that doesn't work, because the generated OpenPGP key
doesn't have the "encryption" key usage flag, which means that
`_gnutls_selected_cert_supported_kx ()' will reject it while looking for
a cipher suite.

I don't know about X.509, but OpenPGP key usage flags are informative
rather than authoritative.  Thus, I'm wondering whether we should really
systematically pay attention to them.  Providing the option to honor
them (e.g., through user-definable hooks) may be wise, but enforcing it
doesn't feel right.  In addition, GPG doesn't really permit usage flags
to be chosen, making it hard to create a suitable key.

What do you think?

Thanks,
Ludovic.
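
The following is an added example, not part of the original message and not GnuTLS or GnuPG code. It reads the Key Flags subpacket (RFC 4880, section 5.2.3.21) from a signature's hashed subpacket area and shows how the same flags accept or reject a key for an encryption-based key exchange depending on whether they are enforced or treated as advisory; the function names, the two policy values, and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Key Flags subpacket type and flag bits, RFC 4880 section 5.2.3.21. */
#define SUBPKT_KEY_FLAGS 27
enum { FLAG_SIGN = 0x02, FLAG_ENCRYPT = 0x04 | 0x08 }; /* comms | storage */
enum { FLAGS_ABSENT = -1, FLAGS_MALFORMED = -2 };      /* hypothetical */
enum kx_need { KX_NEEDS_ENCRYPT, KX_NEEDS_SIGN };      /* hypothetical */
enum policy  { POLICY_ENFORCE, POLICY_ADVISORY };      /* hypothetical */

/* Constructed sample: creation-time subpacket, then Key Flags = certify|sign. */
static const uint8_t sample_area[] = { 5, 2, 0x46, 0xB0, 0xF9, 0x17, 2, 27, 0x03 };

/* Return the first Key Flags octet found in a hashed subpacket area. */
int pgp_key_flags(const uint8_t *p, size_t len)
{
    size_t i = 0;
    while (i < len) {
        size_t n = p[i++];                    /* length covers type + body */
        if (n >= 192 && n < 255) {            /* two-octet length form */
            if (i >= len) return FLAGS_MALFORMED;
            n = ((n - 192) << 8) + p[i++] + 192;
        } else if (n == 255) {                /* five-octet length form */
            if (len - i < 4) return FLAGS_MALFORMED;
            n = ((size_t)p[i] << 24) | ((size_t)p[i + 1] << 16)
              | ((size_t)p[i + 2] << 8) | p[i + 3];
            i += 4;
        }
        if (n == 0 || n > len - i) return FLAGS_MALFORMED;
        if ((p[i] & 0x7f) == SUBPKT_KEY_FLAGS)   /* bit 7 is the critical bit */
            return n >= 2 ? p[i + 1] : 0;
        i += n;
    }
    return FLAGS_ABSENT;
}

/* Assumption: absent flags leave the key unrestricted; malformed data fails. */
int key_usable_for_kx(int flags, enum kx_need need, enum policy pol)
{
    if (flags == FLAGS_MALFORMED) return 0;
    if (flags == FLAGS_ABSENT || pol == POLICY_ADVISORY) return 1;
    return (flags & (need == KX_NEEDS_ENCRYPT ? FLAG_ENCRYPT : FLAG_SIGN)) != 0;
}

int main(void)
{
    int f = pgp_key_flags(sample_area, sizeof sample_area);
    printf("flags=0x%02x enforce=%d advisory=%d\n", f,
           key_usable_for_kx(f, KX_NEEDS_ENCRYPT, POLICY_ENFORCE),
           key_usable_for_kx(f, KX_NEEDS_ENCRYPT, POLICY_ADVISORY));
    return 0;
}
```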



