/mandos/trunk : revision 98

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-24 09:40:58 UTC
Revision ID: teddy@fukt.bsnet.se-20080824094058-bdqng3t1e3hfnk2e

* plugin-runner.c (getplugin): Only copy "name" if not NULL.  Free
                               "copy_name" if any error occurs.
  (free_plugin_list): Do not free "name" member; it it freed as part
                      of argv.
  (main): Set plugin_list to NULL after freeing it.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/watch

default-mandos

init.d-mandos

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2012-01-15">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<title>&COMMANDNAME;</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<productname>&COMMANDNAME;</productname>

<productnumber>&VERSION;</productnumber>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

<email>belorn@fukt.bsnet.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

<email>teddy@fukt.bsnet.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<refname><command>&COMMANDNAME;</command></refname>

Gives encrypted passwords to authenticated Mandos clients

Sends encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--interface

<arg choice="plain"><option>-i

</group>

<sbr/>

<group>

<arg choice="plain"><option>--address

<replaceable>ADDRESS</replaceable></option></arg>

<arg choice="plain"><option>-a

<replaceable>ADDRESS</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--port

<arg choice="plain"><option>-p

</group>

<sbr/>

<arg><option>--priority

<replaceable>PRIORITY</replaceable></option></arg>

<sbr/>

<arg><option>--servicename

<sbr/>

<arg><option>--configdir

<replaceable>DIRECTORY</replaceable></option></arg>

<sbr/>

<arg><option>--debug</option></arg>

<sbr/>

<arg><option>--debuglevel

<replaceable>LEVEL</replaceable></option></arg>

<sbr/>

<sbr/>

<sbr/>

<arg><option>--no-restore</option></arg>

100

<sbr/>

101

<arg><option>--statedir

102

<replaceable>DIRECTORY</replaceable></option></arg>

<arg>--interface<arg choice="plain">IF</arg></arg>

<arg>--address<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg>-a<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

103

</cmdsynopsis>

104

105

<command>&COMMANDNAME;</command>

106

107

108

109

</group>

110

</cmdsynopsis>

111

100

112

101

<command>&COMMANDNAME;</command>

113

<arg choice="plain"><option>--version</option></arg>

102

<arg choice="plain">--version</arg>

114

103

</cmdsynopsis>

115

104

116

105

<command>&COMMANDNAME;</command>

117

<arg choice="plain"><option>--check</option></arg>

106

<arg choice="plain">--check</arg>

118

107

</cmdsynopsis>

119

108

</refsynopsisdiv>

120

109

121

110

122

111

<title>DESCRIPTION</title>

123

112

<para>

124

113

<command>&COMMANDNAME;</command> is a server daemon which

125

114

handles incoming request for passwords for a pre-defined list of

126

client host computers. For an introduction, see

127

<citerefentry><refentrytitle>intro</refentrytitle>

128

<manvolnum>8mandos</manvolnum></citerefentry>. The Mandos server

129

uses Zeroconf to announce itself on the local network, and uses

130

TLS to communicate securely with and to authenticate the

131

clients. The Mandos server uses IPv6 to allow Mandos clients to

132

use IPv6 link-local addresses, since the clients will probably

133

not have any other addresses configured (see <xref

134

linkend="overview"/>). Any authenticated client is then given

135

the stored pre-encrypted password for that specific client.

115

client host computers. The Mandos server uses Zeroconf to

116

announce itself on the local network, and uses TLS to

117

communicate securely with and to authenticate the clients. The

118

Mandos server uses IPv6 to allow Mandos clients to use IPv6

119

link-local addresses, since the clients will probably not have

120

any other addresses configured (see <xref linkend="overview"/>).

121

Any authenticated client is then given the stored pre-encrypted

122

password for that specific client.

136

123

</para>

124

137

125

</refsect1>

138

126

139

127

140

128

<title>PURPOSE</title>

129

141

130

<para>

142

131

The purpose of this is to enable <emphasis>remote and unattended

143

132

rebooting</emphasis> of client host computer with an

144

133

<emphasis>encrypted root file system</emphasis>. See <xref

145

134

linkend="overview"/> for details.

146

135

</para>

136

147

137

</refsect1>

148

138

149

139

150

140

<title>OPTIONS</title>

141

151

142

152

143

153

154

144

155

145

156

146

<para>

157

147

Show a help message and exit

158

148

</para>

159

149

</listitem>

160

150

</varlistentry>

161

151

162

152

163

<term><option>--interface</option>

164

165

166

153

<term><literal>-i</literal>, <literal>--interface <replaceable>

154

IF</replaceable></literal></term>

167

155

168

156

<xi:include href="mandos-options.xml" xpointer="interface"/>

169

157

</listitem>

170

158

</varlistentry>

171

159

172

160

173

<term><option>--address

174

<replaceable>ADDRESS</replaceable></option></term>

175

<term><option>-a

176

<replaceable>ADDRESS</replaceable></option></term>

161

<term><literal>-a</literal>, <literal>--address <replaceable>

162

ADDRESS</replaceable></literal></term>

177

163

178

164

<xi:include href="mandos-options.xml" xpointer="address"/>

179

165

</listitem>

180

166

</varlistentry>

181

167

182

168

183

<term><option>--port

184

185

<term><option>-p

186

169

170

PORT</replaceable></literal></term>

187

171

188

172

<xi:include href="mandos-options.xml" xpointer="port"/>

189

173

</listitem>

190

174

</varlistentry>

191

175

192

176

193

<term><option>--check</option></term>

177

<term><literal>--check</literal></term>

194

178

195

179

<para>

196

180

Run the server’s self-tests. This includes any unit

198

182

</para>

199

183

</listitem>

200

184

</varlistentry>

201

185

202

186

203

<term><option>--debug</option></term>

187

<term><literal>--debug</literal></term>

204

188

205

189

<xi:include href="mandos-options.xml" xpointer="debug"/>

206

190

</listitem>

207

191

</varlistentry>

208

209

210

<term><option>--debuglevel

211

<replaceable>LEVEL</replaceable></option></term>

212

213

<para>

214

Set the debugging log level.

215

<replaceable>LEVEL</replaceable> is a string, one of

216

<quote><literal>CRITICAL</literal></quote>,

217

<quote><literal>ERROR</literal></quote>,

218

<quote><literal>WARNING</literal></quote>,

219

<quote><literal>INFO</literal></quote>, or

220

<quote><literal>DEBUG</literal></quote>, in order of

221

increasing verbosity. The default level is

222

<quote><literal>WARNING</literal></quote>.

223

</para>

224

</listitem>

225

</varlistentry>

226

227

228

<term><option>--priority <replaceable>

229

PRIORITY</replaceable></option></term>

192

193

194

<term><literal>--priority <replaceable>

195

PRIORITY</replaceable></literal></term>

230

196

231

197

<xi:include href="mandos-options.xml" xpointer="priority"/>

232

198

</listitem>

233

199

</varlistentry>

234

200

235

201

236

<term><option>--servicename

237

202

<term><literal>--servicename <replaceable>NAME</replaceable>

203

</literal></term>

238

204

239

205

<xi:include href="mandos-options.xml"

240

206

xpointer="servicename"/>

241

207

</listitem>

242

208

</varlistentry>

243

209

244

210

245

<term><option>--configdir

246

<replaceable>DIRECTORY</replaceable></option></term>

211

<term><literal>--configdir <replaceable>DIR</replaceable>

212

</literal></term>

247

213

248

214

<para>

249

215

Directory to search for configuration files. Default is

255

221

</para>

256

222

</listitem>

257

223

</varlistentry>

258

224

259

225

260

<term><option>--version</option></term>

226

<term><literal>--version</literal></term>

261

227

262

228

<para>

263

229

Prints the program version and exit.

264

230

</para>

265

231

</listitem>

266

232

</varlistentry>

267

268

269

270

271

<xi:include href="mandos-options.xml" xpointer="dbus"/>

272

<para>

273

See also <xref linkend="dbus_interface"/>.

274

</para>

275

</listitem>

276

</varlistentry>

277

278

279

280

281

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

282

</listitem>

283

</varlistentry>

284

285

286

<term><option>--no-restore</option></term>

287

288

<xi:include href="mandos-options.xml" xpointer="restore"/>

289

<para>

290

See also <xref linkend="persistent_state"/>.

291

</para>

292

</listitem>

293

</varlistentry>

294

295

296

<term><option>--statedir

297

<replaceable>DIRECTORY</replaceable></option></term>

298

299

<xi:include href="mandos-options.xml" xpointer="statedir"/>

300

</listitem>

301

</varlistentry>

302

233

</variablelist>

303

234

</refsect1>

304

235

305

236

306

237

<title>OVERVIEW</title>

307

238

<xi:include href="overview.xml"/>

308

239

<para>

309

240

This program is the server part. It is a normal server program

310

241

and will run in a normal system environment, not in an initial

311

<acronym>RAM</acronym> disk environment.

242

RAM disk environment.

312

243

</para>

313

244

</refsect1>

314

245

315

246

316

247

<title>NETWORK PROTOCOL</title>

317

248

<para>

369

300

</row>

370

301

</tbody></tgroup></table>

371

302

</refsect1>

372

303

373

304

374

305

<title>CHECKING</title>

375

306

<para>

376

307

The server will, by default, continually check that the clients

377

308

are still up. If a client has not been confirmed as being up

378

309

for some time, the client is assumed to be compromised and is no

379

longer eligible to receive the encrypted password. (Manual

380

intervention is required to re-enable a client.) The timeout,

381

extended timeout, checker program, and interval between checks

382

can be configured both globally and per client; see

383

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

310

longer eligible to receive the encrypted password. The timeout,

311

checker program, and interval between checks can be configured

312

both globally and per client; see <citerefentry>

313

<refentrytitle>mandos-clients.conf</refentrytitle>

384

314

<manvolnum>5</manvolnum></citerefentry>.

385

315

</para>

386

316

</refsect1>

387

388

389

<title>APPROVAL</title>

390

<para>

391

The server can be configured to require manual approval for a

392

client before it is sent its secret. The delay to wait for such

393

approval and the default action (approve or deny) can be

394

configured both globally and per client; see <citerefentry>

395

<refentrytitle>mandos-clients.conf</refentrytitle>

396

<manvolnum>5</manvolnum></citerefentry>. By default all clients

397

will be approved immediately without delay.

398

</para>

399

<para>

400

This can be used to deny a client its secret if not manually

401

approved within a specified time. It can also be used to make

402

the server delay before giving a client its secret, allowing

403

optional manual denying of this specific client.

404

</para>

405

406

</refsect1>

407

317

408

318

409

319

<title>LOGGING</title>

410

320

<para>

411

321

The server will send log message with various severity levels to

412

<filename class="devicefile">/dev/log</filename>. With the

322

<filename>/dev/log</filename>. With the

413

323

<option>--debug</option> option, it will log even more messages,

414

324

and also show them on the console.

415

325

</para>

416

326

</refsect1>

417

418

419

<title>PERSISTENT STATE</title>

420

<para>

421

Client settings, initially read from

422

<filename>clients.conf</filename>, are persistent across

423

restarts, and run-time changes will override settings in

424

<filename>clients.conf</filename>. However, if a setting is

425

<emphasis>changed</emphasis> (or a client added, or removed) in

426

<filename>clients.conf</filename>, this will take precedence.

427

</para>

428

</refsect1>

429

430

431

<title>D-BUS INTERFACE</title>

432

<para>

433

The server will by default provide a D-Bus system bus interface.

434

This interface will only be accessible by the root user or a

435

Mandos-specific user, if such a user exists. For documentation

436

of the D-Bus API, see the file <filename>DBUS-API</filename>.

437

</para>

438

</refsect1>

439

327

440

328

441

329

<title>EXIT STATUS</title>

442

330

<para>

444

332

critical error is encountered.

445

333

</para>

446

334

</refsect1>

447

335

448

336

449

337

<title>ENVIRONMENT</title>

450

338

451

339

452

340

453

341

454

342

<para>

455

343

To start the configured checker (see <xref

464

352

</varlistentry>

465

353

</variablelist>

466

354

</refsect1>

467

468

355

356

469

357

<title>FILES</title>

470

358

<para>

471

359

Use the <option>--configdir</option> option to change where

494

382

</listitem>

495

383

</varlistentry>

496

384

497

<term><filename>/var/run/mandos.pid</filename></term>

498

499

<para>

500

The file containing the process id of the

501

<command>&COMMANDNAME;</command> process started last.

502

</para>

503

</listitem>

504

</varlistentry>

505

506

507

</varlistentry>

508

509

<term><filename

510

class="directory">/var/lib/mandos</filename></term>

511

512

<para>

513

Directory where persistent state will be saved. Change

514

this with the <option>--statedir</option> option. See

515

also the <option>--no-restore</option> option.

385

<term><filename>/var/run/mandos/mandos.pid</filename></term>

386

387

<para>

388

The file containing the process id of

389

<command>&COMMANDNAME;</command>.

516

390

</para>

517

391

</listitem>

518

392

</varlistentry>

546

420

backtrace. This could be considered a feature.

547

421

</para>

548

422

<para>

423

Currently, if a client is declared <quote>invalid</quote> due to

424

having timed out, the server does not record this fact onto

425

permanent storage. This has some security implications, see

426

<xref linkend="CLIENTS"/>.

427

</para>

428

<para>

429

There is currently no way of querying the server of the current

430

status of clients, other than analyzing its <systemitem

431

class="service">syslog</systemitem> output.

432

</para>

433

<para>

549

434

There is no fine-grained control over logging and debug output.

550

435

</para>

551

436

<para>

552

437

Debug mode is conflated with running in the foreground.

553

438

</para>

554

439

<para>

555

This server does not check the expire time of clients’ OpenPGP

556

keys.

440

The console log messages does not show a timestamp.

557

441

</para>

558

442

</refsect1>

559

443

564

448

Normal invocation needs no options:

565

449

</para>

566

450

<para>

567

<userinput>&COMMANDNAME;</userinput>

451

<userinput>mandos</userinput>

568

452

</para>

569

453

</informalexample>

570

454

571

455

<para>

572

456

Run the server in debug mode, read configuration files from

573

the <filename class="directory">~/mandos</filename> directory,

574

and use the Zeroconf service name <quote>Test</quote> to not

575

collide with any other official Mandos server on this host:

457

the <filename>~/mandos</filename> directory, and use the

458

Zeroconf service name <quote>Test</quote> to not collide with

459

any other official Mandos server on this host:

576

460

</para>

577

461

<para>

578

462

579

463

580

<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>

464

<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>

581

465

582

466

</para>

583

467

</informalexample>

589

473

<para>

590

474

591

475

592

<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

476

<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

593

477

594

478

</para>

595

479

</informalexample>

596

480

</refsect1>

597

481

598

482

599

483

<title>SECURITY</title>

600

484

601

485

<title>SERVER</title>

602

486

<para>

603

487

Running this <command>&COMMANDNAME;</command> server program

604

488

should not in itself present any security risk to the host

605

computer running it. The program switches to a non-root user

606

soon after startup.

489

computer running it. The program does not need any special

490

privileges to run, and is designed to run as a non-root user.

607

491

</para>

608

492

</refsect2>

609

493

610

494

<title>CLIENTS</title>

611

495

<para>

612

496

The server only gives out its stored data to clients which

619

503

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

620

504

<manvolnum>5</manvolnum></citerefentry>)

621

505

<emphasis>must</emphasis> be made non-readable by anyone

622

except the user starting the server (usually root).

506

except the user running the server.

623

507

</para>

624

508

<para>

625

509

As detailed in <xref linkend="checking"/>, the status of all

627

511

compromised if they are gone for too long.

628

512

</para>

629

513

<para>

514

If a client is compromised, its downtime should be duly noted

515

by the server which would therefore declare the client

516

invalid. But if the server was ever restarted, it would

517

re-read its client list from its configuration file and again

518

regard all clients therein as valid, and hence eligible to

519

receive their passwords. Therefore, be careful when

520

restarting servers if it is suspected that a client has, in

521

fact, been compromised by parties who may now be running a

522

fake Mandos client with the keys from the non-encrypted

523

initial RAM image of the client host. What should be done in

524

that case (if restarting the server program really is

525

necessary) is to stop the server program, edit the

526

configuration file to omit any suspect clients, and restart

527

the server program.

528

</para>

529

<para>

630

530

For more details on client-side security, see

631

<citerefentry><refentrytitle>mandos-client</refentrytitle>

531

<citerefentry><refentrytitle>password-request</refentrytitle>

632

532

<manvolnum>8mandos</manvolnum></citerefentry>.

633

533

</para>

634

534

</refsect2>

635

535

</refsect1>

636

536

637

537

638

538

639

539

<para>

640

<citerefentry><refentrytitle>intro</refentrytitle>

641

<manvolnum>8mandos</manvolnum></citerefentry>,

642

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

643

<manvolnum>5</manvolnum></citerefentry>,

644

<citerefentry><refentrytitle>mandos.conf</refentrytitle>

645

<manvolnum>5</manvolnum></citerefentry>,

646

<citerefentry><refentrytitle>mandos-client</refentrytitle>

647

<manvolnum>8mandos</manvolnum></citerefentry>,

648

649

540

541

<refentrytitle>mandos.conf</refentrytitle>

542

543

<refentrytitle>mandos-clients.conf</refentrytitle>

544

545

<refentrytitle>password-request</refentrytitle>

546

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

547

548

</citerefentry>

650

549

</para>

651

550

652

551

673

572

</varlistentry>

674

573

675

574

<term>

676

<ulink url="http://www.gnu.org/software/gnutls/"

677

>GnuTLS</ulink>

575

<ulink

576

url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>

678

577

</term>

679

578

680

579

<para>

686

585

</varlistentry>

687

586

688

587

<term>

689

RFC 4291: <citetitle>IP Version 6 Addressing

690

Architecture</citetitle>

588

<citation>RFC 4291: <citetitle>IP Version 6 Addressing

589

Architecture</citetitle>, section 2.5.6, Link-Local IPv6

590

Unicast Addresses</citation>

691

591

</term>

692

592

693

694

695

<term>Section 2.2: <citetitle>Text Representation of

696

Addresses</citetitle></term>

697

698

</varlistentry>

699

700

<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6

701

Address</citetitle></term>

702

703

</varlistentry>

704

705

<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast

706

Addresses</citetitle></term>

707

708

<para>

709

The clients use IPv6 link-local addresses, which are

710

immediately usable since a link-local addresses is

711

automatically assigned to a network interfaces when it

712

is brought up.

713

</para>

714

</listitem>

715

</varlistentry>

716

</variablelist>

593

<para>

594

The clients use IPv6 link-local addresses, which are

595

immediately usable since a link-local addresses is

596

automatically assigned to a network interfaces when it is

597

brought up.

598

</para>

717

599

</listitem>

718

600

</varlistentry>

719

601

720

602

<term>

721

RFC 4346: <citetitle>The Transport Layer Security (TLS)

722

Protocol Version 1.1</citetitle>

603

<citation>RFC 4346: <citetitle>The Transport Layer Security

604

(TLS) Protocol Version 1.1</citetitle></citation>

723

605

</term>

724

606

725

607

<para>

729

611

</varlistentry>

730

612

731

613

<term>

732

RFC 4880: <citetitle>OpenPGP Message Format</citetitle>

614

<citation>RFC 4880: <citetitle>OpenPGP Message

615

Format</citetitle></citation>

733

616

</term>

734

617

735

618

<para>

739

622

</varlistentry>

740

623

741

624

<term>

742

RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer

743

Security</citetitle>

625

<citation>RFC 5081: <citetitle>Using OpenPGP Keys for

626

Transport Layer Security</citetitle></citation>

744

627

</term>

745

628

746

629

<para>

752

635

</variablelist>

753

636

</refsect1>

754

637

</refentry>

755

756

757

758

759

Older »