12 Jun 16:46
Re: GnuTLS 2.3.14 - third release candidate for 2.4.0
From: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>
Subject: Re: GnuTLS 2.3.14 - third release candidate for 2.4.0
Newsgroups: gmane.comp.encryption.gpg.gnutls.devel
Date: 2008-06-12 14:46:59 GMT
On Tue 2008-06-10 18:23:01 -0400, Simon Josefsson wrote:
> * Version 2.3.14 (released 2008-06-11)
>
> ** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour.
> An OpenPGP certificate is now only considered verified if all the user
> IDs are verified.

I've tested this change against Andreas Metzler's debian packaging of
2.3.14, and it looks correct. A single unverifiable User ID on the
certificate causes verification failure. This "fail closed" behavior
is significantly better than the earlier "fail open" behavior.
Thanks!

Hopefully for gnutls 2.6 we can cook up more nuanced OpenPGP
certificate verification, where irrelevant unverified UserIDs don't
cause a failure.

Thanks for all the work on this,

--dkg