[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT] Re: Open then gates

On Mon, 17 May 2010 08:25:50 +0000, Christoph Anton Mitterer <calestyo@scientia.net> wrote:
> On Mon, 17 May 2010 00:12:56 -0400, Micah Anderson <micah@riseup.net>
> wrote:
> > Can you clarify what you mean by "standardised technology"? I work on
> > the monkeysphere project, and from my point of view, I'd have to
> > disagree with you, but I may not understand what you mean.
> What I mean was simply something that is standardised e.g. by IETF.
> I mean using OpenPGP with SSL is already standardised now by that RFC, and
> IIRC gnutls is already supporting it...

RFC 5081 is still quite a while off from widespread adoption. When it is
more widely adopted, we will be in a much better situation, until then
the monkeysphere is operating as an interim translation step (keeping
the on-the-wire protocol the same).

We've been closely involved in GnuTLS development, one of the
monkeysphere developers has commit rights to the GnuTLS development
project, and is part of the IETF TLS working group. 

For a while we had to provide our own version of GnuTLS because
functionality that we needed for key translation was available in
GnuTLS: enabling it to read authentication subkeys emitted by GnuPG
under certain circumstances. The only modification needed simply enables
the library to parse a GNU extension to the String-to-key (S2K)
mechanism as laid out in RFC 4880. Fortunately, the patch that
monkeysphere developer Daniel Kahn Gillmor provided to GnuTLS was
accepted in version 2.6, so its supported natively now.

> But as I wrote initially, I haven't had a closer look on it, so please
> don't feel offended, or that I intended to make monkeysphere down.
> Everything which gives us the chance to go away from X.509-PKI is a good
> thing :)

No offense taken, I suggest you take a closer look and give it a
try, and if you are intrigued you should consider helping the project!


Attachment: pgpnei73NoDbT.pgp
Description: PGP signature

Reply to: