OpenPGP Authentication Protocol?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Dec 23 22:31:01 CET 2012
On 12/23/2012 01:23 PM, Hauke Laging wrote:
> On Sun 23.12.2012, 12:01:25, Nicholas Cole wrote:
>
>> Is there a protocol documented anywhere for using PGP Keys for client-server
>> authentications?
>
> SSH? :-)

the ssh specification declares the use of pgp-style certificates:

https://tools.ietf.org/html/rfc4253#section-6.6

but does little to indicate how peers should consider them for
authentication purposes. the majority of OpenPGP-verified ssh
connections in use on the net today are probably using raw keys on the
wire, but certifying them out-of-band via tools like the Monkeysphere.

RFC 6091 documents a mechanism for using OpenPGP certificates as peer
endpoints for a TLS session.

http://tools.ietf.org/html/rfc6091

But similarly to the ssh situation, it may be simpler to pass "dummy"
public key placeholders (e.g. those that are well-formed X.509
certificates) and do the conversion to OpenPGP certificates on the
backend/out of band.

--dkg
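
The pattern described in the message above (raw keys on the wire, with the identity binding decided out of band) can be sketched as follows. This is an added example, not code from the original message or from the Monkeysphere; `authenticate`, `CERTIFIED`, `make_ssh_rsa_blob` and the toy key values are assumptions, and the `CERTIFIED` table stands in for whatever OpenPGP certificate validation is done out of band.

```python
import struct

def _read_string(buf, off):
    """RFC 4251 'string': uint32 length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated field body")
    return buf[off + 4:end], end

def parse_ssh_rsa_blob(blob):
    """Return (e, n) from an RFC 4253 section 6.6 'ssh-rsa' key blob."""
    alg, off = _read_string(blob, 0)
    if alg != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    e_raw, off = _read_string(blob, off)
    n_raw, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after key")
    # mpint is signed big-endian; RSA parameters must be positive.
    e = int.from_bytes(e_raw, "big", signed=True)
    n = int.from_bytes(n_raw, "big", signed=True)
    if e <= 0 or n <= 0:
        raise ValueError("non-positive RSA parameter")
    return e, n

def make_ssh_rsa_blob(e, n):
    """Encode (e, n) as an ssh-rsa blob (used here to build sample input)."""
    def field(raw):
        return struct.pack(">I", len(raw)) + raw
    def mpint(v):  # extra leading byte only when the top bit would be set
        return field(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return field(b"ssh-rsa") + mpint(e) + mpint(n)

def authenticate(blob, certified):
    """Map a raw wire key to an identity, or None if it was never certified.
    Proof of possession (the ssh signature check) is a separate step."""
    try:
        return certified.get(parse_ssh_rsa_blob(blob))
    except ValueError:
        return None

# Constructed toy values, far too small to be real keys.
ALICE = (65537, 0xC3A59F7144D1B2E7)
# Assumption: this table is filled by out-of-band OpenPGP validation.
CERTIFIED = {ALICE: "alice@example.org"}
```

The wire format carries no identity at all; everything the server learns about who holds the key comes from the out-of-band table, so a malformed or uncertified key is rejected the same way.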