GnuTLS add OpenPGP authentication support

The GnuTLS project is going to add OpenPGP support as a Transport Layer Security (TLS) Authentication mechanism, as described by the same author in RFC5081.

Currently GnuTLS has experimental support for OpenPGP keys. OpenPGP keys are similar to X.509 certificates, in the sense that they hold public key parameters. However, they also allow for non-hierarchical trust models. This is not like any other new feature; it is more like a policy change. Here follows a description of both models.

I’ve researched it for many years, and in my opinion it is far better than other proposals such as gpgauth or mod_auth_pgp. At the moment, there’s a web server implementation through mod_gnutls under apache2, but no real client implementation is available. An example server and client are provided in the sources as gnutls-serv and gnutls-cli.

It sets the foundation for OpenPGP authentication, but it has still to be adopted into real programs. Will we see a real peer-to-peer authentication mechanism succeed where PKI failed? I believe that the technology is there; we need to understand if there’s a will for it.

More on the GnuTLS web site.