Home GnuPG
Diffusion GnuPG 8a12a2000d82

gpgsm: Add new validation model "steed".
8a12a2000d82Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

gpgsm: Add new validation model "steed".

* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute.  Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.

This is the first part of changes to implement the STEED proposal as
described at http://g10code.com/steed.html . The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known). Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.

Details

Provenance
wernerAuthored on Dec 7 2011, 4:15 PM
Parents
rG14e4fdc9f97d: Correct punctuation in the ChangeLog summary line.
Branches
Unknown
Tags
Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rG8a12a2000d82: gpgsm: Add new validation model "steed". (authored by Werner Koch <wk@gnupg.org>).Dec 7 2011, 4:15 PM

Changes (9)

PathSize
doc/
sm/

rG8a12a2000d82

View Options

doc/DETAILS

Loading...
View Options

doc/gpgsm.texi

Loading...
View Options

sm/certchain.c

Loading...
View Options

sm/certlist.c

Loading...
View Options

sm/gpgsm.c

Loading...
View Options

sm/gpgsm.h

Loading...
View Options

sm/keylist.c

Loading...
View Options

sm/server.c

Loading...
View Options

sm/verify.c

Loading...