<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<link rel="icon" type="image/png" href="graphics/gnutls-logo-icon.png">
<meta name="DC.title" content="gnutls.org">
<title>GnuTLS</title>
<!-- start of banner.html -->
<!-- start of head-include-2.html -->
<link rel="stylesheet" href="css/combo.css" media="screen">
<link rel="stylesheet" href="css/layout.css" media="screen">
<link rel="stylesheet" href="css/mini.css" media="handheld">
<link rel="stylesheet" href="css/print.css" media="print">
<!-- end of head-include-2.html -->
<!-- flattr code
<script type="text/javascript">
/* <![CDATA[ */
    (function() {
        var s=document.createElement('script'), t=document.getElementsByTagName('script')[0];
        s.type = 'text/javascript';
        s.async = true;
        s.src = 'http://api.flattr.com/js/0.6/load.js?mode=auto';
        t.parentNode.insertBefore(s, t);
    })();
/* ]]> */
</script>
   end of flattr -->
</head>
<body>
<!-- <body bgcolor="#ffffff" text="#000000" link="#1f00ff" alink="#ff0000" vlink="#9900dd"> -->
<style type="text/css">
table.transparent {
	border-width: 0px;
	border-spacing: 2px;
	border-style: none;
	border-color: white;
	border-collapse: separate;
	background-color: white;
}
table.transparent th {
	border-width: 0px;
	padding: 1px;
	border-style: inset;
	border-color: gray;
	background-color: white;
	-moz-border-radius: ;
}
table.transparent td {
	border-width: 0px;
	padding: 1px;
	border-style: inset;
	border-color: gray;
	background-color: white;
	-moz-border-radius: ;
}
table.news-transparent {
	border-width: 3px;
	border-spacing: 5px;
	border-style: none;
	border-color: #ccbcbc;
	border-collapse: separate;
	background-color: transparent;
}
table.news-transparent th {
	border-width: 0px;
	padding: 1px;
	border-style: inset;
	border-color: gray;
	background-color: transparent;
	-moz-border-radius: ;
}
table.news-transparent td {
	border-width: 1px;
	padding: 3px;
	border-style: solid;
	border-color: #e0d7d7;
	background-color: transparent;
	-moz-border-radius: ;
}
table.news {
	border-width: 0px;
	border-spacing: 2px;
	border-style: none;
	border-color: white;
	border-collapse: separate;
	background-color: #e5e5e5;
}
table.news th {
	border-width: 0px;
	padding: 1px;
	border-style: inset;
	border-color: gray;
	background-color: #ccbcbc;
	-moz-border-radius: ;
}
table.news td {
	border-width: 0px;
	padding: 1px;
	border-style: inset;
	border-color: gray;
	background-color: #e0d7d7;
	-moz-border-radius: ;
}
</style>
<h1>GnuTLS OpenPGP key support</h1>
<p>
Currently GnuTLS has experimental support for OpenPGP keys.
OpenPGP keys are similar to X.509 certificates, in the sense that they hold
public key parameters. However, they also allow for non-hierarchical trust
models. This is not like any other new feature; it is more like a policy
change. A description of both models follows.
<p>
<h2>The X.509 trust model</h2>
<img src="graphics/tree1.png" border="0" align="right" alt="" width="349" height="444">
In the X.509 protocols currently used for certificate
authentication, users have to be certified in a hierarchical way.
The model can be described by a Certificate Authority (CA from now on) that
signs the certificates of people and objects.
An object might be a user, a server, or even another CA. A user who trusts the
Certificate Authority's decisions will be able to trust another user
by just checking whether the other user's certificate is signed by the trusted CA.
<p>
See <a href="graphics/tree1.png">figure 1</a> for a graphical representation.
In that figure a central (root) CA certifies
two subordinate CAs, which then certify Alice, Bob and a server.
In that case, if Alice trusts the "Root CA" then she also trusts
Bob's certificate and the server's certificate.
<p>
The only requirement in that model is that a user must somehow
have the trusted CA's certificate available.
<p>
In the real world there are several Certificate Authorities, which certify people
and objects, often for money. Thus users have to decide which of the CAs to
trust. One should note that the security of a model where someone
trusts several CAs is equal to the security of the least secure CA.
<p>
Unfortunately, in practice the decision of which CAs to trust is rarely made by users.
This decision is made mostly by application programmers
and administrators. A good example of this is the set of CA certificates included
in popular web browsers.
<p>
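<p>
The following is an added example, not GnuTLS code, that models the hierarchical
validation described above in Python. Signature verification is simulated: a certificate's
<code>issuer</code> field stands in for a signature that the named CA made, and a chain is
accepted only if it leads from the leaf, through CA certificates, to a CA in the observer's
trust store. The certificates, the "Cheap CA" root and all names are constructed for the
example; the second root shows why trusting several CAs is only as secure as the least
secure one, since any root in the store can vouch for any name.

```python
"""Toy model of hierarchical (X.509-style) certification.

Added example, not GnuTLS code. Signature verification is simulated:
cert.issuer records which CA vouched for cert.subject.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False


# Constructed scenario mirroring figure 1, plus one unrelated extra root.
CERTS = [
    Cert("Root CA", "Root CA", is_ca=True),   # self-signed root
    Cert("CA 1", "Root CA", is_ca=True),      # subordinate CAs
    Cert("CA 2", "Root CA", is_ca=True),
    Cert("Alice", "CA 1"),
    Cert("Bob", "CA 1"),
    Cert("server", "CA 2"),
    # A second, independent root that has also issued a certificate for "server".
    Cert("Cheap CA", "Cheap CA", is_ca=True),
    Cert("server", "Cheap CA"),
]


def find_ca_cert(name, certs):
    """Look up the CA certificate for an issuer name (None if unknown or not a CA)."""
    return next((c for c in certs if c.subject == name and c.is_ca), None)


def build_path(leaf, certs, trusted, max_depth=8):
    """Return the chain [leaf, ..., trusted CA], or None if no trusted chain exists.

    Every certificate above the leaf must be a CA certificate, the issuer must
    be known, and the walk stops at max_depth so CA loops cannot run forever.
    """
    path = [leaf]
    current = leaf
    for _ in range(max_depth):
        if current.is_ca and current.subject in trusted:
            return path                      # reached a trust anchor
        if current.issuer == current.subject:
            return None                      # self-signed but not trusted: dead end
        issuer = find_ca_cert(current.issuer, certs)
        if issuer is None:
            return None                      # unknown issuer or issuer is not a CA
        path.append(issuer)
        current = issuer
    return None


def valid_paths_for(subject, certs, trusted):
    """All accepted chains (as subject-name lists) for certificates naming `subject`."""
    paths = []
    for leaf in certs:
        if leaf.subject == subject and not leaf.is_ca:
            path = build_path(leaf, certs, trusted)
            if path is not None:
                paths.append([c.subject for c in path])
    return paths


if __name__ == "__main__":
    # Alice trusts only the root: Bob's and the server's certificates chain to it.
    print(valid_paths_for("Bob", CERTS, {"Root CA"}))
    print(valid_paths_for("server", CERTS, {"Root CA"}))
    # Adding a second root makes the second "server" certificate acceptable as well.
    print(valid_paths_for("server", CERTS, {"Root CA", "Cheap CA"}))
```

The only input the verifier needs is the trust store; compare the result for
<code>{"Root CA"}</code> with the result for <code>{"Root CA", "Cheap CA"}</code> to see
how each added anchor widens what is accepted.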
<h2>The OpenPGP trust model</h2>
<img src="graphics/pgp1.png" border="0" align="left" alt="" width="376" height="305">
OpenPGP key authentication relies on a distributed trust model
called the "web of trust". The "web of trust" uses a decentralized system of trusted
introducers, which play the same role as a CA. OpenPGP allows anyone to sign
anyone else's public key. When Alice signs Bob's key, she is introducing
Bob's key to anyone who trusts Alice. If someone trusts Alice to introduce
keys, then Alice is a trusted introducer in the mind of that observer.
<p>
See <a href="graphics/pgp1.png">figure 2</a>, which shows the
above case graphically. The normal arrows indicate the sign operation, while the dotted
arrows indicate trust. Thus, since Dave trusts Alice to be an introducer, and Alice
signed Bob's key, Dave also trusts Bob's key to be the real one.
<p>
There are some key points that are important in that model. In the example,
Alice has to sign Bob's key only if she is sure that the key belongs
to Bob. Otherwise she may also make Dave falsely believe that this
is Bob's key. Dave also has the responsibility to know whom to trust.
This model is similar to real-life relations.
<p>
Just see how Charlie behaves in the previous example.
Although he has signed Bob's key (because he knows, somehow, that it belongs to
Bob), he does not trust Bob to be an introducer.
Charlie decided to trust only Kevin, for some reason. A reason could be
that Bob is lazy enough to sign other people's keys without being sure
that they belong to the actual owner.
<p>
Note that Certificate Authorities may exist in the OpenPGP model, although
they are not required.
<p>
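<p>
The following is an added example, not GnuTLS code, that computes key validity in a
web of trust the way the two figures describe it. Each observer signs the keys they have
verified themselves and decides which key owners they trust as introducers; a key becomes
valid for an observer when it carries enough signatures from introducers whose own keys are
already valid for that observer. The "full"/"marginal" trust levels and the thresholds are
this example's assumptions, modelled on the usual PGP rule that one fully trusted introducer
or several marginally trusted ones suffice. The signatures between Alice, Bob, Charlie and
Kevin follow figure 2; the other people (Dave's own signatures, Frank, Grace, Heidi, Ivan,
Server) are constructed to exercise the cases.

```python
"""Toy web-of-trust validity computation (added example, not GnuTLS code).

Keys are named after their owners. A signature (signer, signee) means the
signer vouched that the key really belongs to the signee. Trust levels and
thresholds are this example's assumptions.
"""
from collections import defaultdict

FULL, MARGINAL = "full", "marginal"

# Constructed signatures: figure 2 relations plus extra people for the edge cases.
SIGNATURES = [
    ("Alice", "Bob"),        # figure 2: Alice signed Bob's key
    ("Charlie", "Bob"),      # figure 2: Charlie signed Bob's key too
    ("Charlie", "Kevin"),    # constructed: Charlie verified Kevin's key himself
    ("Kevin", "Server"),     # constructed: Kevin vouches for a server key
    ("Bob", "Frank"),        # constructed: Bob signs keys carelessly
    ("Dave", "Alice"),       # constructed: Dave verified Alice's key in person
    ("Dave", "Grace"),       # constructed: two keys Dave verified and trusts marginally
    ("Dave", "Heidi"),
    ("Grace", "Ivan"),       # constructed: Ivan is introduced by two marginal signers
    ("Heidi", "Ivan"),
]

# Constructed introducer trust, per observer. Charlie trusts only Kevin (figure 2).
TRUST = {
    "Dave": {"Alice": FULL, "Grace": MARGINAL, "Heidi": MARGINAL},
    "Charlie": {"Kevin": FULL},
}


def key_validity(observer, signatures, trust,
                 completes_needed=1, marginals_needed=2, max_depth=5):
    """Return the set of keys `observer` considers valid (their own key included).

    A key is valid if the observer signed it directly, or if it carries
    signatures from enough *valid* keys the observer trusts as introducers:
    at least `completes_needed` fully trusted or `marginals_needed` marginally
    trusted ones. Because an introducer's signature only counts once that
    introducer's own key is valid, the set is grown iteratively, one
    introduction hop per round, up to `max_depth` hops.
    """
    signers_of = defaultdict(set)
    for signer, signee in signatures:
        signers_of[signee].add(signer)
    my_trust = trust.get(observer, {})
    valid = {observer}
    for _ in range(max_depth):
        new = set(valid)
        for key, signers in signers_of.items():
            if key in new:
                continue
            if observer in signers:          # verified by the observer personally
                new.add(key)
                continue
            full = sum(1 for s in signers if s in valid and my_trust.get(s) == FULL)
            marginal = sum(1 for s in signers if s in valid and my_trust.get(s) == MARGINAL)
            if full >= completes_needed or marginal >= marginals_needed:
                new.add(key)
        if new == valid:
            break                            # fixpoint reached
        valid = new
    return valid


if __name__ == "__main__":
    # Dave trusts Alice, so Bob's key is valid for him; Frank's (signed only by
    # Bob, whom Dave does not trust as an introducer) is not.
    print(sorted(key_validity("Dave", SIGNATURES, TRUST)))
    # Charlie signed Bob's key but trusts only Kevin: Server is valid, Frank is not.
    print(sorted(key_validity("Charlie", SIGNATURES, TRUST)))
```

Raising <code>marginals_needed</code> to 3 removes Ivan from Dave's valid set, which is the
kind of policy knob the web of trust leaves to each user rather than to an authority.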
<h2>Conclusion</h2>
In TLS and SSL the X.509 trust model is traditionally used. As shown
above, this model has several restrictions compared to the OpenPGP trust model.
Especially in distributed environments where the concept of authorities is
not clear, the use of the OpenPGP trust model has obvious advantages.
<p>
We believe that users should have the freedom to choose the trust model that
best suits their needs, thus in GnuTLS we have implemented both. We have also
proposed modifications to the TLS protocol for OpenPGP keys to the IETF TLS
working group.
<p>
<hr>
Return to <a href="index.html">GnuTLS' home page</a>.
<p>
</div>
<!-- <p id="backtotop"><a href="#header">back to top</a></p>  -->
</div>
<!-- end server/footer-text.html -->
<div id="footer">
<table width="100%" class="transparent" summary="">
<tr>
<td>
<p>
Please send broken links and other corrections or suggestions to
<a href="mailto:bugs@gnutls.org"><em>bugs@gnutls.org</em></a>.
</p>
<!--
<p>
Copyright © 2011, 2012 Free Software Foundation, Inc.<br>
Copyright © 2012 Nikos Mavrogiannopoulos<br>
Verbatim copying and distribution of this entire article are permitted worldwide, without royalty, in any medium, provided this notice, and the copyright notice, are preserved.<br>
</p>
-->
</td>
<!--
<td>
  <div align="center">
  <a class="FlattrButton" style="display:none;" rev="flattr;button:compact;" href="http://www.gnutls.org"></a>
  <noscript><a href="http://flattr.com/thing/291598/GnuTLS" target="_blank">
  <img src="http://api.flattr.com/button/flattr-badge-large.png" alt="Flattr this" title="Flattr this" border="0"></a></noscript>
  <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
      <input type="hidden" name="cmd" value="_xclick">
      <input type="hidden" name="business" value="simon@josefsson.org">
      <input type="hidden" name="item_name" value="Donation for development">
      <input type="hidden" name="item_number" value="GnuTLS">
      <input type="hidden" name="no_shipping" value="1">
      <input type="hidden" name="cn" value="Comment">
      <input type="hidden" name="currency_code" value="EUR">
      <input type="hidden" name="tax" value="0">
      <input type="hidden" name="bn" value="PP-DonationsBF">
      <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif" name="submit" alt="Paypal">
  </form>
  </div>
</td>
-->
<td>
Hosted by<br>
<a href="http://www.openit.de/"><img src="graphics/logo-sponsor.png" alt="Sponsor" title="Sponsor" border="0" width="76" height="24"></a>
</td>
</tr>
</table>
</div>
</body>
</html>