On Mon, 17 May 2010 08:25:50 +0000, Christoph Anton Mitterer <calestyo@scientia.net> wrote:
> On Mon, 17 May 2010 00:12:56 -0400, Micah Anderson <micah@riseup.net>
> wrote:
> > Can you clarify what you mean by "standardised technology"? I work on
> > the monkeysphere project, and from my point of view, I'd have to
> > disagree with you, but I may not understand what you mean.
> What I meant was simply something that is standardised e.g. by IETF.
> I mean using OpenPGP with SSL is already standardised now by that RFC, and
> IIRC gnutls is already supporting it...

RFC 5081 is still quite a while off from widespread adoption. When it is
more widely adopted, we will be in a much better situation; until then
the monkeysphere is operating as an interim translation step (keeping
the on-the-wire protocol the same).

We've been closely involved in GnuTLS development: one of the
monkeysphere developers has commit rights to the GnuTLS development
project, and is part of the IETF TLS working group.

For a while we had to provide our own version of GnuTLS because
functionality that we needed for key translation was available in
GnuTLS: enabling it to read authentication subkeys emitted by GnuPG
under certain circumstances. The only modification needed simply enables
the library to parse a GNU extension to the String-to-key (S2K)
mechanism as laid out in RFC 4880. Fortunately, the patch that
monkeysphere developer Daniel Kahn Gillmor provided to GnuTLS was
accepted in version 2.6, so it's supported natively now.

> But as I wrote initially, I haven't had a closer look at it, so please
> don't feel offended, or that I intended to make monkeysphere down.
> Everything which gives us the chance to go away from X.509-PKI is a good
> thing :)

No offense taken. I suggest you take a closer look and give it a
try, and if you are intrigued you should consider helping the project!


