1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

8 Commits

Author SHA1 Message Date
Werner Koch
52c6c30647
Switch to a hash and CERT record based PKA system.
* util/pka.c: Rewrite.
(get_pka_info): Add arg fprbuflen.  Change callers to pass this.
* util/strgutil.c (ascii_strlwr): New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.
--

Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.

The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time.  Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified.  Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key.  Having a solid way of getting a key matching
a mail address is however a must have.

More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase.  The auto-key-locate mechanism
should also be able to continue key fetching with another method once
the fingerprint has been retrieved with PKA.

Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from master.
(backported from commit 2fc27c8696f5cf2ddf3212397ea49bff115d617b)
2015-02-26 18:30:08 +01:00
Werner Koch
a95143e225 Removed some set but unused vars. 2011-08-09 10:54:22 +02:00
Werner Koch
c156a636c6 Fix bug#1307
This is a backport of the fixes for 2.0.  There is only one real bug,
the other changes are for clarity and for more picky compilers.
2011-08-09 10:12:36 +02:00
Werner Koch
aa29ba1689 Minor changes to help the VMS port 2010-09-28 10:07:30 +00:00
Werner Koch
9a2a818887 Switched to GPLv3.
Updated gettext.
2007-10-23 10:48:09 +00:00
David Shaw
0b677ba499 * argparse.c (default_strusage): Copyright 2007.
* cert.c, srv.c, pka.c: Need arpa/inet.h for ntohs().
2007-04-15 16:37:01 +00:00
Werner Koch
1d139c8147 Implemented PKA trust model 2005-07-28 19:30:13 +00:00
Werner Koch
986a137c58 Implemented PKA trust model 2005-07-28 18:59:36 +00:00