/mandos/trunk : revision 84

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-17 22:42:28 UTC
Revision ID: teddy@fukt.bsnet.se-20080817224228-nhor2yuv230if01i

* Makefile (DOCBOOKTOMAN): Use the local manpages/docbook.xsl file, do
                           not rely on a stylesheet declaration.

* mandos.xml: Removed <?xml-stylesheet>.  New entity "&OVERVIEW;"
              refers to "overview.xml". Changed all single quotes to
              double quotes for consistency.
  (DESCRIPTION): Use the term "TLS" and not "GnuTLS" for the protocol.
                 Refer to the "OVERVIEW" section for reason for IPv6
                 link-local addresses.
  (PURPOSE): Shortened a lot.  Refer to "OVERVIEW" section for details.
  (OVERVIEW): New section.  Include &OVERVIEW; and add a paragraph
              about what the role of this program is.
  (SECURITY/CLIENTS): Refer to the "CHECKING" section for details on
                      checking.
  (SEE ALSO): Changed from an <itemizedlist> to a <variablelist>.
              Added a short text for each entry.  Removed reference to
              plugin-runner(8mandos).  Add reference to RFC 4291 and
              RFC 4346.

* overview.xml: New file, containing a single <para>.  The idea is to
                use this in all the man pages.

* plugins.d/password-request.c: Updated comments about spurious
                                warnings.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2010-09-26">

<!ENTITY % common SYSTEM "common.ent">

%common;

<!ENTITY OVERVIEW SYSTEM "overview.xml">

<title>Mandos Manual</title>

<title>&COMMANDNAME;</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<productname>&COMMANDNAME;</productname>

<productnumber>&VERSION;</productnumber>

<firstname>Björn</firstname>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<refname><command>&COMMANDNAME;</command></refname>

Gives encrypted passwords to authenticated Mandos clients

Sends encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--interface

<arg choice="plain"><option>-i

</group>

<sbr/>

<group>

<arg choice="plain"><option>--address

<replaceable>ADDRESS</replaceable></option></arg>

<arg choice="plain"><option>-a

<replaceable>ADDRESS</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--port

<arg choice="plain"><option>-p

</group>

<sbr/>

<arg><option>--priority

<replaceable>PRIORITY</replaceable></option></arg>

<sbr/>

<arg><option>--servicename

<sbr/>

<arg><option>--configdir

<replaceable>DIRECTORY</replaceable></option></arg>

<sbr/>

<arg><option>--debug</option></arg>

<sbr/>

<sbr/>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

</group>

100

</cmdsynopsis>

101

102

<command>&COMMANDNAME;</command>

103

<arg choice="plain"><option>--version</option></arg>

104

</cmdsynopsis>

105

106

<command>&COMMANDNAME;</command>

107

<arg choice="plain"><option>--check</option></arg>

<arg choice="opt">--interface<arg choice="plain">IF</arg></arg>

<arg choice="opt">--address<arg choice="plain">ADDRESS</arg></arg>

<arg choice="opt">--priority<arg choice="plain">PRIORITY</arg></arg>

<arg choice="opt">--servicename<arg choice="plain">NAME</arg></arg>

<arg choice="opt">--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg choice="opt">--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg choice="opt">-a<arg choice="plain">ADDRESS</arg></arg>

<arg choice="opt">--priority<arg choice="plain">PRIORITY</arg></arg>

<arg choice="opt">--servicename<arg choice="plain">NAME</arg></arg>

<arg choice="opt">--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg choice="opt">--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

100

<arg choice="plain">--version</arg>

101

</cmdsynopsis>

102

103

<command>&COMMANDNAME;</command>

104

<arg choice="plain">--check</arg>

108

105

</cmdsynopsis>

109

106

</refsynopsisdiv>

110

107

111

108

112

109

<title>DESCRIPTION</title>

113

110

<para>

122

119

Any authenticated client is then given the stored pre-encrypted

123

120

password for that specific client.

124

121

</para>

122

125

123

</refsect1>

126

124

127

125

128

126

<title>PURPOSE</title>

127

129

128

<para>

130

129

The purpose of this is to enable <emphasis>remote and unattended

131

130

rebooting</emphasis> of client host computer with an

132

131

<emphasis>encrypted root file system</emphasis>. See <xref

133

132

linkend="overview"/> for details.

134

133

</para>

134

135

</refsect1>

136

137

138

<title>OPTIONS</title>

139

140

140

141

141

142

142

143

144

<para>

145

Show a help message and exit

146

</para>

147

</listitem>

148

</varlistentry>

149

150

151

<term><option>--interface</option>

152

153

154

155

156

<xi:include href="mandos-options.xml" xpointer="interface"/>

157

</listitem>

158

</varlistentry>

159

160

161

<term><option>--address

162

<replaceable>ADDRESS</replaceable></option></term>

163

<term><option>-a

164

<replaceable>ADDRESS</replaceable></option></term>

165

166

<xi:include href="mandos-options.xml" xpointer="address"/>

167

</listitem>

168

</varlistentry>

169

170

171

<term><option>--port

172

173

<term><option>-p

174

175

176

<xi:include href="mandos-options.xml" xpointer="port"/>

177

</listitem>

178

</varlistentry>

179

180

181

<term><option>--check</option></term>

149

150

151

<term><literal>-i</literal>, <literal>--interface <replaceable>

152

IF</replaceable></literal></term>

153

154

<para>

155

Only announce the server and listen to requests on network

156

interface <replaceable>IF</replaceable>. Default is to

157

use all available interfaces.

158

</para>

159

</listitem>

160

</varlistentry>

161

162

163

<term><literal>-a</literal>, <literal>--address <replaceable>

164

ADDRESS</replaceable></literal></term>

165

166

<para>

167

If this option is used, the server will only listen to a

168

specific address. This must currently be an IPv6 address;

169

an IPv4 address can be specified using the

170

<quote><literal>::FFFF:192.0.2.3</literal></quote> syntax.

171

Also, if a link-local address is specified, an interface

172

should be set, since a link-local address is only valid on

173

a single interface. By default, the server will listen to

174

all available addresses.

175

</para>

176

</listitem>

177

</varlistentry>

178

179

180

181

PORT</replaceable></literal></term>

182

183

<para>

184

If this option is used, the server to bind to that

185

port. By default, the server will listen to an arbitrary

186

port given by the operating system.

187

</para>

188

</listitem>

189

</varlistentry>

190

191

192

<term><literal>--check</literal></term>

182

193

183

194

<para>

184

195

Run the server’s self-tests. This includes any unit

186

197

</para>

187

198

</listitem>

188

199

</varlistentry>

189

190

191

<term><option>--debug</option></term>

192

193

<xi:include href="mandos-options.xml" xpointer="debug"/>

194

</listitem>

195

</varlistentry>

196

197

198

<term><option>--priority <replaceable>

199

PRIORITY</replaceable></option></term>

200

201

<xi:include href="mandos-options.xml" xpointer="priority"/>

202

</listitem>

203

</varlistentry>

204

205

206

<term><option>--servicename

207

208

209

<xi:include href="mandos-options.xml"

210

xpointer="servicename"/>

211

</listitem>

212

</varlistentry>

213

214

215

<term><option>--configdir

216

<replaceable>DIRECTORY</replaceable></option></term>

200

201

202

<term><literal>--debug</literal></term>

203

204

<para>

205

If the server is run in debug mode, it will run in the

206

foreground and print a lot of debugging information. The

207

default is <emphasis>not</emphasis> to run in debug mode.

208

</para>

209

</listitem>

210

</varlistentry>

211

212

213

<term><literal>--priority <replaceable>

214

PRIORITY</replaceable></literal></term>

215

216

<para>

217

GnuTLS priority string for the TLS handshake with the

218

clients. The default is

219

<quote><literal>SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP</literal></quote>.

220

See <citerefentry><refentrytitle>gnutls_priority_init

221

</refentrytitle><manvolnum>3</manvolnum></citerefentry>

222

for the syntax. <emphasis>Warning</emphasis>: changing

223

this may make the TLS handshake fail, making communication

224

with clients impossible.

225

</para>

226

</listitem>

227

</varlistentry>

228

229

230

<term><literal>--servicename <replaceable>NAME</replaceable>

231

</literal></term>

232

233

<para>

234

Zeroconf service name. The default is

235

<quote><literal>Mandos</literal></quote>. You only need

236

to change this if you for some reason want to run more

237

than one server on the same <emphasis>host</emphasis>,

238

which would not normally be useful. If there are name

239

collisions on the same <emphasis>network</emphasis>, the

240

newer server will automatically rename itself to

241

<quote><literal>Mandos #2</literal></quote>, and so on;

242

therefore, this option is not needed in that case.

243

</para>

244

</listitem>

245

</varlistentry>

246

247

248

<term><literal>--configdir <replaceable>DIR</replaceable>

249

</literal></term>

217

250

218

251

<para>

219

252

Directory to search for configuration files. Default is

225

258

</para>

226

259

</listitem>

227

260

</varlistentry>

228

261

229

262

230

<term><option>--version</option></term>

263

<term><literal>--version</literal></term>

231

264

232

265

<para>

233

266

Prints the program version and exit.

234

267

</para>

235

268

</listitem>

236

269

</varlistentry>

237

238

239

240

241

<xi:include href="mandos-options.xml" xpointer="dbus"/>

242

<para>

243

See also <xref linkend="dbus_interface"/>.

244

</para>

245

</listitem>

246

</varlistentry>

247

248

249

250

251

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

252

</listitem>

253

</varlistentry>

254

270

</variablelist>

255

271

</refsect1>

256

272

257

273

258

274

<title>OVERVIEW</title>

259

<xi:include href="overview.xml"/>

275

&OVERVIEW;

260

276

<para>

261

277

This program is the server part. It is a normal server program

262

278

and will run in a normal system environment, not in an initial

263

<acronym>RAM</acronym> disk environment.

279

RAM disk environment.

264

280

</para>

265

281

</refsect1>

266

282

267

283

268

284

<title>NETWORK PROTOCOL</title>

269

285

<para>

295

311

296

312

</row>

297

313

<row>

298

314

299

315

300

316

</row>

301

317

<row>

321

337

</row>

322

338

</tbody></tgroup></table>

323

339

</refsect1>

324

340

325

341

326

342

<title>CHECKING</title>

327

343

<para>

328

344

The server will, by default, continually check that the clients

329

345

are still up. If a client has not been confirmed as being up

330

346

for some time, the client is assumed to be compromised and is no

331

longer eligible to receive the encrypted password. (Manual

332

intervention is required to re-enable a client.) The timeout,

347

longer eligible to receive the encrypted password. The timeout,

333

348

checker program, and interval between checks can be configured

334

349

both globally and per client; see <citerefentry>

335

<refentrytitle>mandos-clients.conf</refentrytitle>

336

<manvolnum>5</manvolnum></citerefentry>. A client successfully

337

receiving its password will also be treated as a successful

338

checker run.

339

</para>

340

</refsect1>

341

342

343

<title>APPROVAL</title>

344

<para>

345

The server can be configured to require manual approval for a

346

client before it is sent its secret. The delay to wait for such

347

approval and the default action (approve or deny) can be

348

configured both globally and per client; see <citerefentry>

349

<refentrytitle>mandos-clients.conf</refentrytitle>

350

<manvolnum>5</manvolnum></citerefentry>. By default all clients

351

will be approved immediately without delay.

352

</para>

353

<para>

354

This can be used to deny a client its secret if not manually

355

approved within a specified time. It can also be used to make

356

the server delay before giving a client its secret, allowing

357

optional manual denying of this specific client.

358

</para>

359

360

</refsect1>

361

350

<refentrytitle>mandos.conf</refentrytitle>

351

352

<refentrytitle>mandos-clients.conf</refentrytitle>

353

<manvolnum>5</manvolnum></citerefentry>.

354

</para>

355

</refsect1>

356

362

357

363

358

<title>LOGGING</title>

364

359

<para>

365

The server will send log message with various severity levels to

366

<filename>/dev/log</filename>. With the

360

The server will send log messaged with various severity levels

361

to <filename>/dev/log</filename>. With the

367

362

<option>--debug</option> option, it will log even more messages,

368

363

and also show them on the console.

369

364

</para>

370

365

</refsect1>

371

372

373

<title>D-BUS INTERFACE</title>

374

<para>

375

The server will by default provide a D-Bus system bus interface.

376

This interface will only be accessible by the root user or a

377

Mandos-specific user, if such a user exists. For documentation

378

of the D-Bus API, see the file <filename>DBUS-API</filename>.

379

</para>

380

</refsect1>

381

366

382

367

383

368

<title>EXIT STATUS</title>

384

369

<para>

386

371

critical error is encountered.

387

372

</para>

388

373

</refsect1>

389

390

391

<title>ENVIRONMENT</title>

392

393

394

395

396

<para>

397

To start the configured checker (see <xref

398

linkend="checking"/>), the server uses

399

<filename>/bin/sh</filename>, which in turn uses

400

<varname>PATH</varname> to search for matching commands if

401

an absolute path is not given. See <citerefentry>

402

403

</citerefentry>.

404

</para>

405

</listitem>

406

</varlistentry>

407

</variablelist>

408

</refsect1>

409

410

374

375

411

376

<title>FILES</title>

412

377

<para>

413

378

Use the <option>--configdir</option> option to change where

436

401

</listitem>

437

402

</varlistentry>

438

403

439

<term><filename>/var/run/mandos.pid</filename></term>

404

<term><filename>/var/run/mandos/mandos.pid</filename></term>

440

405

441

406

<para>

442

The file containing the process id of the

443

<command>&COMMANDNAME;</command> process started last.

407

The file containing the process id of

408

<command>&COMMANDNAME;</command>.

444

409

</para>

445

410

</listitem>

446

411

</varlistentry>

453

418

</para>

454

419

</listitem>

455

420

</varlistentry>

456

457

458

459

<para>

460

This is used to start the configured checker command for

461

each client. See <citerefentry>

462

<refentrytitle>mandos-clients.conf</refentrytitle>

463

<manvolnum>5</manvolnum></citerefentry> for details.

464

</para>

465

</listitem>

466

</varlistentry>

467

421

</variablelist>

468

422

</refsect1>

469

423

470

424

471

425

472

426

<para>

473

427

This server might, on especially fatal errors, emit a Python

474

428

backtrace. This could be considered a feature.

475

429

</para>

476

<para>

477

Currently, if a client is disabled due to having timed out, the

478

server does not record this fact onto permanent storage. This

479

has some security implications, see <xref linkend="clients"/>.

480

</para>

481

<para>

482

There is no fine-grained control over logging and debug output.

483

</para>

484

<para>

485

Debug mode is conflated with running in the foreground.

486

</para>

487

<para>

488

The console log messages do not show a time stamp.

489

</para>

490

<para>

491

This server does not check the expire time of clients’ OpenPGP

492

keys.

493

</para>

494

430

</refsect1>

495

496

497

<title>EXAMPLE</title>

431

432

433

<title>EXAMPLES</title>

498

434

499

435

<para>

500

436

Normal invocation needs no options:

501

437

</para>

502

438

<para>

503

<userinput>&COMMANDNAME;</userinput>

439

<userinput>mandos</userinput>

504

440

</para>

505

441

</informalexample>

506

442

513

449

<para>

514

450

515

451

516

<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>

452

<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>

517

453

518

454

</para>

519

455

</informalexample>

525

461

<para>

526

462

527

463

528

<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

464

<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

529

465

530

466

</para>

531

467

</informalexample>

532

468

</refsect1>

533

469

534

470

535

471

<title>SECURITY</title>

536

472

537

473

<title>SERVER</title>

538

474

<para>

539

Running this <command>&COMMANDNAME;</command> server program

540

should not in itself present any security risk to the host

541

computer running it. The program switches to a non-root user

542

soon after startup.

475

Running this &COMMANDNAME; server program should not in itself

476

present any security risk to the host computer running it.

477

The program does not need any special privileges to run, and

478

is designed to run as a non-root user.

543

479

</para>

544

480

</refsect2>

545

481

546

482

<title>CLIENTS</title>

547

483

<para>

548

484

The server only gives out its stored data to clients which

555

491

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

556

492

<manvolnum>5</manvolnum></citerefentry>)

557

493

<emphasis>must</emphasis> be made non-readable by anyone

558

except the user starting the server (usually root).

494

except the user running the server.

559

495

</para>

560

496

<para>

561

497

As detailed in <xref linkend="checking"/>, the status of all

563

499

compromised if they are gone for too long.

564

500

</para>

565

501

<para>

566

If a client is compromised, its downtime should be duly noted

567

by the server which would therefore disable the client. But

568

if the server was ever restarted, it would re-read its client

569

list from its configuration file and again regard all clients

570

therein as enabled, and hence eligible to receive their

571

passwords. Therefore, be careful when restarting servers if

572

it is suspected that a client has, in fact, been compromised

573

by parties who may now be running a fake Mandos client with

574

the keys from the non-encrypted initial <acronym>RAM</acronym>

575

image of the client host. What should be done in that case

576

(if restarting the server program really is necessary) is to

577

stop the server program, edit the configuration file to omit

578

any suspect clients, and restart the server program.

579

</para>

580

<para>

581

502

For more details on client-side security, see

582

<citerefentry><refentrytitle>mandos-client</refentrytitle>

503

<citerefentry><refentrytitle>password-request</refentrytitle>

583

504

<manvolnum>8mandos</manvolnum></citerefentry>.

584

505

</para>

585

506

</refsect2>

586

507

</refsect1>

587

508

588

509

589

510

590

<para>

591

592

<refentrytitle>mandos-clients.conf</refentrytitle>

593

594

<refentrytitle>mandos.conf</refentrytitle>

595

596

<refentrytitle>mandos-client</refentrytitle>

597

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

598

599

</citerefentry>

600

</para>

601

511

602

512

603

513

<term>

514

515

<refentrytitle>password-request</refentrytitle>

516

<manvolnum>8mandos</manvolnum>

517

</citerefentry>

518

</term>

519

520

<para>

521

This is the actual program which talks to this server.

522

Note that it is normally not invoked directly, and is only

523

run in the initial RAM disk environment, and not on a

524

fully started system.

525

</para>

526

</listitem>

527

</varlistentry>

528

529

<term>

604

530

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

605

531

</term>

606

532

623

549

</varlistentry>

624

550

625

551

<term>

626

<ulink url="http://www.gnu.org/software/gnutls/"

627

>GnuTLS</ulink>

552

<ulink

553

url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>

628

554

</term>

629

555

630

556

<para>

636

562

</varlistentry>

637

563

638

564

<term>

639

RFC 4291: <citetitle>IP Version 6 Addressing

640

Architecture</citetitle>

565

<citation>RFC 4291: <citetitle>IP Version 6 Addressing

566

Architecture</citetitle>, section 2.5.6, Link-Local IPv6

567

Unicast Addresses</citation>

641

568

</term>

642

569

643

644

645

<term>Section 2.2: <citetitle>Text Representation of

646

Addresses</citetitle></term>

647

648

</varlistentry>

649

650

<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6

651

Address</citetitle></term>

652

653

</varlistentry>

654

655

<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast

656

Addresses</citetitle></term>

657

658

<para>

659

The clients use IPv6 link-local addresses, which are

660

immediately usable since a link-local addresses is

661

automatically assigned to a network interfaces when it

662

is brought up.

663

</para>

664

</listitem>

665

</varlistentry>

666

</variablelist>

570

<para>

571

The clients use IPv6 link-local addresses, which are

572

immediately usable since a link-local addresses is

573

automatically assigned to a network interfaces when it is

574

brought up.

575

</para>

667

576

</listitem>

668

577

</varlistentry>

669

578

670

579

<term>

671

RFC 4346: <citetitle>The Transport Layer Security (TLS)

672

Protocol Version 1.1</citetitle>

580

<citation>RFC 4346: <citetitle>The Transport Layer Security

581

(TLS) Protocol Version 1.1</citetitle></citation>

673

582

</term>

674

583

675

584

<para>

679

588

</varlistentry>

680

589

681

590

<term>

682

RFC 4880: <citetitle>OpenPGP Message Format</citetitle>

591

<citation>RFC 4880: <citetitle>OpenPGP Message

592

Format</citetitle></citation>

683

593

</term>

684

594

685

595

<para>

689

599

</varlistentry>

690

600

691

601

<term>

692

RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer

693

Security</citetitle>

602

<citation>RFC 5081: <citetitle>Using OpenPGP Keys for

603

Transport Layer Security</citetitle></citation>

694

604

</term>

695

605

696

606

<para>

702

612

</variablelist>

703

613

</refsect1>

704

614

</refentry>

705

706

707

708

709

Older »