[Help-gnutls] Is gnutls using the shell model or the chain model for a certificate validation

Scott Schaeffner sschaeffner at hotmail.com
Mon Nov 10 07:57:23 CET 2008


Hello,

Here the message (response to gnu.org #388183) I'd like to post:
----------------------------------------------------------------
>I don't see any clear notes on the page you linked explaining
>specifically what "shell" and "chain" mean in this context.

 

The power point presentation http://www.bundesnetzagentur.de/media/archive/1894.pps#259 shows the differences concerning the two different validation models.

 

I furthermore found a note that indicates that in germany the chain model is required (http://www.adobe.com/devnet/acrobat/pdfs/admin_guide.pdf section 5.4.4.2)

 

I did not have a detailed look into the implementation yet, so I am not
sure if gnutls offers one function for a certificate chain validation
or if you have to implement the verification of the chain on your own
and gnutls only offers the functions for that.

 

 

>To be clear, this gpg documentation is in the "GPGSM Options" section,
>so it refers to the X.509 certificates, not OpenPGP certificates,
>correct?

 

Well, except for the power point presentation I could not find much
references in the internet concerning the validation models. But my

current assumption is that the models apply to both types of certificates.

 

Thanks for the infos.

 

Scott

---------------------------------------------------------------


> Subject: Re: [gnu.org #388183] http://lists.gnu.org/archive/html/help-gnutls/2008-11/msg00020.html - response not possible 
> From: webmasters at gnu.org
> To: sschaeffner at hotmail.com
> Date: Fri, 7 Nov 2008 19:17:50 -0500
> 
> Hi Scott,
> 
>     I was trying to respond to the post
>     http://lists.gnu.org/archive/html/help-gnutls/2008-11/msg00020.html
>     and got the following message on http://lists.gnu.org/mp/yyz.py
> 
> Thanks for the report.  I'll tell the sysadmins.
> 
>     and therefore it looks I can not post a response... .
> 
> Please email your response to help-gnutls at gnu.org with 
> Subject: Re: [Help-gnutls] Is gnutls using the shell model or the chain model for a certificate validation
> 
> and it should get through in due course.
> 
> Best,
> karl at gnu.org
> 
> 
> 

_________________________________________________________________
News, entertainment and everything you care about at Live.com. Get it now!
http://www.live.com/getstarted.aspx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20081110/81330258/attachment.htm>


More information about the Gnutls-help mailing list