
Re: [Monotone-devel] Re: key trust


From: Richard Levitte - VMS Whacker
Subject: Re: [Monotone-devel] Re: key trust
Date: Wed, 12 Oct 2005 23:37:36 +0200 (CEST)

In message <address@hidden> on Wed, 12 Oct 2005 20:18:21 +0100, Bruce Stephens 
<address@hidden> said:

monotone> Richard Levitte - VMS Whacker <address@hidden> writes:
monotone> 
monotone> [...]
monotone> 
monotone> > Yes, self-signed certificates would provide exactly the
monotone> > same capabilities as today's key system does.  This is
monotone> > what OpenCM did (does?), and I questioned that kind of use
monotone> > with that group, and I will here as well.  Basically, it
monotone> > provides nothing more than bloat around the keys.  If
monotone> > you're going to use X.509, do it for real.
monotone> 
monotone> I think OpenCM can probably be considered as dead.  Like
monotone> Stellation.  Shame, because both seemed to me to have
monotone> interesting approaches to things.

Yeah, although, when I got my fingers dirty with OpenCM, it didn't
take me too long to realise that it would probably not become more
than a platform for others to take the next step from.  I can't say
what exactly made me think so, it's a matter of intuition.

monotone> By doing X.509 "for real", are you thinking of the full
monotone> flexibility described in the recently published RFC 4158?

No, I was thinking of making good use of things like policy attributes
to assign roles or rights to a certificate holder.  But sure, if you
want, there's always the possibility of coupling the whole thing with
a replicated LDAP repository and do the math with it :-).

But you'll have to wait until that RFC is implemented in OpenSSL :-).

monotone> I'm not saying that would be impossible---I believe the
monotone> freely available CML software (part of SMP) will do all
monotone> that, with knobs on.

I'll have to check that out.  Last time I looked at BAE Software, they
hadn't come that far...

monotone> Maybe that's a good argument against doing it: stop
monotone> complaining doesn't use X.509, or we'll *really* do X.509,
monotone> and then you'll be sorry.

Hehehe

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte                         address@hidden
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis



