[gnutls-dev] OpenPGP Keys

Timo Schulz twoaday at gmx.net
Fri Apr 20 10:43:51 CEST 2007


> (You directed the mail to `gnutls-dev-bounces' instead of `gnutls-dev'

Oops, I blame the mailer. Of course it should go to gnutls-dev. Thanks.

> This is only used when traversing the certification graph ("web of
> trust") to determine the "loss of trustworthiness" yielded when
> following an edge.  (Wow, what a fancy sentence! ;-))

I'm not sure about the current documentation; I remember that I've
seen some pictures of the WoT as examples. But if there is so much
confusion about this topic, I guess it's the best idea to explain
this in detail (again).

> key-user ID binding?"  And, as discussed on `help-gnutls', it takes more
> than this to implement a server-side authorization scheme.  Thus,
> trustdbs in GnuTLS would only be a building block for people who want to
> implement authorization schemes based on user IDs, for instance.

I agree. A trustdb would involve more than just a simple trust to key
association. And right now there is no code in opencdk to calculate the
validity of a key based on the signatures and ownertrust values.

And to my surprise, the new code works even with the dummy stubs of the
trustdb code. So I ask myself where the trustdb is really involved in the
handshake or authentication steps.


