Re: dns cert support (was: GnuPG 1.4.3 released)

2006-05-11 Thread Daniel Hess
On Tue, Apr 04, 2006 at 05:57:07PM -0400, David Shaw wrote: > On Tue, Apr 04, 2006 at 08:25:01PM +0200, Peter Palfrader wrote: > > Also, is there a tool that produces a snippet which is ready for > > inclusion into a zone file anywhere? Something similar to ssh-keygen > > for SSHFP RRs: > > [EMA

Re: dns cert support

2006-04-05 Thread David Shaw
On Wed, Apr 05, 2006 at 03:18:31PM +0200, Peter Palfrader wrote: > On Wed, 05 Apr 2006, David Shaw wrote: > > > On Wed, Apr 05, 2006 at 12:30:42PM +0200, Peter Palfrader wrote: > > > > > I notice that if I have both, an IPGP and a PGP CERT RR that GnuPG fails > > > to import the key some of the ti

Re: dns cert support

2006-04-05 Thread Peter Palfrader
On Wed, 05 Apr 2006, David Shaw wrote: > On Wed, Apr 05, 2006 at 12:30:42PM +0200, Peter Palfrader wrote: > > > I notice that if I have both, an IPGP and a PGP CERT RR that GnuPG fails > > to import the key some of the time: > > [..] > > > } ;; ANSWER SECTION: > > } peter.palfrader.org. 43200

Re: dns cert support

2006-04-05 Thread David Shaw
On Wed, Apr 05, 2006 at 12:30:42PM +0200, Peter Palfrader wrote: > I notice that if I have both, an IPGP and a PGP CERT RR that GnuPG fails > to import the key some of the time: [..] > } ;; ANSWER SECTION: > } peter.palfrader.org. 43200 IN CERT 6 0 0 > FFsAyW1dVK7hIGuvhN56r26UwJx/ >

Re: dns cert support

2006-04-05 Thread Peter Palfrader
On Tue, 04 Apr 2006, Peter Palfrader wrote: > On Mon, 03 Apr 2006, Werner Koch wrote: > > > * New auto-key-locate option that takes an ordered list of methods > > to locate a key if it is not available at encryption time (-r or > > --recipient). Possible methods include "cert" (u

Re: dns cert support

2006-04-05 Thread Peter Palfrader
On Wed, 05 Apr 2006, Werner Koch wrote: > On Wed, 5 Apr 2006 10:02:28 +0200, Peter Palfrader said: > > > + const char *tmp = fpr; > > + while (*tmp) > > + { > > + if (isxdigit(*tmp)) > > Will segv on many non-glibc systems if you pass non-ascii characters > to it. Never ever use

Re: dns cert support

2006-04-05 Thread Werner Koch
On Wed, 5 Apr 2006 10:02:28 +0200, Peter Palfrader said: > + const char *tmp = fpr; > + while (*tmp) > + { > + if (isxdigit(*tmp)) Will segv on many non-glibc systems if you pass non-ascii characters to it. Never ever use isfoo functions without additional checks. Salam-Sha
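Review bot: isxdigit(*tmp) inside the while (*tmp) loop is called with a plain char, which is negative for bytes above 0x7F on platforms where char is signed, and the <ctype.h> functions are only defined for arguments representable as unsigned char or equal to EOF. Cast at the call site, isxdigit((unsigned char)*tmp), or reject non-ASCII bytes before the test, so that a fingerprint string containing such bytes cannot index outside the classification table.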

Re: dns cert support

2006-04-05 Thread Peter Palfrader
On Tue, 04 Apr 2006, David Shaw wrote: > > Also, is there a tool that produces a snippet which is ready for > > inclusion into a zone file anywhere? Something similar to ssh-keygen > > for SSHFP RRs: > > [EMAIL PROTECTED]:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g > > galaxy IN T

Re: dns cert support (was: GnuPG 1.4.3 released)

2006-04-04 Thread David Shaw
On Tue, Apr 04, 2006 at 08:25:01PM +0200, Peter Palfrader wrote: > On Mon, 03 Apr 2006, Werner Koch wrote: > > > * New auto-key-locate option that takes an ordered list of methods > > to locate a key if it is not available at encryption time (-r or > > --recipient). Possible metho

dns cert support (was: GnuPG 1.4.3 released)

2006-04-04 Thread Peter Palfrader
On Mon, 03 Apr 2006, Werner Koch wrote: > * New auto-key-locate option that takes an ordered list of methods > to locate a key if it is not available at encryption time (-r or > --recipient). Possible methods include "cert" (use DNS CERT as > per RFC2538bis, "pka" (use DNS P