15 Jun 23:03
Re: GnuTLS 2.3.14 - third release candidate for 2.4.0
From: Simon Josefsson <simon <at> josefsson.org>
Subject: Re: GnuTLS 2.3.14 - third release candidate for 2.4.0
Newsgroups: gmane.comp.encryption.gpg.gnutls.devel
Date: 2008-06-15 21:03:27 GMT
Daniel Kahn Gillmor <dkg <at> fifthhorseman.net> writes:

> On Tue 2008-06-10 18:23:01 -0400, Simon Josefsson wrote:
>
>> * Version 2.3.14 (released 2008-06-11)
>>
>> ** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour.
>> An OpenPGP certificate is now only considered verified if all the user
>> IDs are verified.
>
> I've tested this change against Andreas Metzler's debian packaging of
> 2.3.14, and it looks correct. A single unverifiable User ID on the
> certificate causes verification failure. This "fail closed" behavior
> is significantly better than the earlier "fail open" behavior.
> Thanks!
>
> Hopefully for gnutls 2.6 we can cook up more nuanced OpenPGP
> certificate verification, where irrelevant unverified UserIDs don't
> cause a failure.
>
> Thanks for all the work on this,

Great. Thanks for confirming the status. I think we are ready for
2.4.0, but I'll do another release candidate now to make sure.

/Simon