On Wed 05.02.2014, 00:03:23, Daniel Kahn Gillmor wrote:
> > Why wouldn't the fingerprint and the DN not be enough? The whole
> > approach is based on the assumption that the X.509 certificate is
> > already available.
>
> if the X.509 certificate is already available, nothing else needs to
> be d
On Wed 05.02.2014, 11:23:24, Werner Koch wrote:
> In general it does not make sense to use the same key - there is no
> advantage.
I think that is not correct. It is today but not from the perspective of
my proposal.
a) If a CA uses the same key in both formats then we can get the
advantage wh
On 05/02/14 21:06, Werner Koch wrote:
> Almost all X.509 certification in public use certify only one of two
> things:
I never intended my message to say I would trust any CA. Hauke was looking for a
way to leverage trust in a CA; I was merely contributing something I thought he
might find interes
On 02/05/2014 03:06 PM, Werner Koch wrote:
> Almost all X.509 certification in public use certify only one of two
> things:
>
> - Someone has pushed a few bucks over to the CA.
>
> - Someone has convinced the CA to directly or indirectly issue a
>   certificate.
To further clarify: "Domain V
On Wed, 5 Feb 2014 19:04, pe...@digitalbrains.com said:
> An X.509 certification obviously certifies that a certain X.509 certificate
> belongs to the person or role identified by the Distinguished Name. But seen a
Almost all X.509 certification in public use certify only one of two
things:
-
On 02/05/2014 01:04 PM, Peter Lebbing wrote:
> So you could create a hybrid model:
>
> I assign trust to a specific CA. That CA has issued a certificate with DN
> "XYZ".
> In my public OpenPGP keyring, there exists a key with a UID "XYZ", and that
> public key has the same raw key material as the
On 05/02/14 11:23, Werner Koch wrote:
> In general it does not make sense to use the same key - there is no
> advantage.
I could think of /a/ reason to do it. You could leverage existing X.509
certifications by CAs to verify key validity in the OpenPGP world.
An X.509 certification obviously cer
> That is not what I suggest. You can assign certification trust to any
> key. Why should this of all keys not be done with certain CA keys?
Ah, I had missed that nuance a bit, sorry.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if
Dear Martin,
Thanks a lot for your help. It works now!
After you pointed out re-negotiation, I first tried to find a way to
dynamically request TLS renegotiation from the server (apache tomcat).
All I could find is people thinking that this is a bad idea. I still
think it makes sense in the g
If you have a web server *and* a client where you can control the
session cache and initiate a re-negotiation, Firefox will try to look
at your token again.
At least this was the case a while ago.
--
Martin
+372 515 6495
On Wed, Feb 5, 2014 at 12:58 PM, Urs Hunkeler wrote:
> Hi,
>
> I use the G
Hi,
I use the GnuPG card and have installed all the software, including
Scute. I configured a server for HTTPS asking for client certificates.
When the card is inserted before requesting the page, I get a request
for the user PIN for the card, and then the certificate is exchanged
with the se
On Wed, 5 Feb 2014 04:15, mailinglis...@hauke-laging.de said:
> Wow. Does that mean that PGP can verify OpenPGP keys with X.509
> certificates (in combination with a related OpenPGP certificate)? Or is
> this just a "theoretical" feature?
IIRC, the PGP desktop client also integrated an IPsec c
On Wed, 5 Feb 2014 06:03, d...@fifthhorseman.net said:
> Werner recently (in message ID 87zjmv127f@vigenere.g10code.de)
> indicated his acceptance of a notation named extended-us...@gnupg.org
> with a value that can be set to "bitcoin". Maybe the same notation
We can do that as soon as gnii
> Hello,
> Apparently the OpenPGP card is based on BasicCard [1] and from the
> BasicCard FAQ [2] I read:
> "For Enhanced BasicCards, the card has no hardware generator. The Enhanced
> BasicCards contain a unique manufacturing number which cannot be read from
> outside the card. The Rnd function u