[gnutls-dev] OpenPGP Keys

Timo Schulz twoaday at gmx.net
Thu Apr 19 20:37:48 CEST 2007

Simon Josefsson wrote:

> I'm thinking that the trustdb file will be the GnuTLS-specific
> trustdb, and thus OpenCDK can depend on the trust information in that
> file.  Wouldn't that work?

That would work.

> Thus, it would be a bad idea to run a server with your personal
> ~/.gnupg/trustdb.gpg, and you would rather create a separate
> trustdb.gpg for the GnuTLS server.

This is also my opinion. Plus the trustdb.gpg file has a non-public
format and can change any time. This time it was a workaround but
never changed.

> what we are doing, or?) so if it is possible to have a text file with
> OpenPGP key identifiers in it that the server should trust, that seems
> like a better choice.  Is there any other information in the trustdb
> that GnuTLS/OpenCDK needs?

Yes, a text file is possible and probably easier to parse than binary
files. And no other information is needed. I probably need to read the
newest OpenPGP GnuTLS draft to find out what the requirements are.


More information about the Gnutls-devel mailing list