Re: [Monotone-devel] Re: key trust
From: Conrad Steenberg
Subject: Re: [Monotone-devel] Re: key trust
Date: Wed, 12 Oct 2005 16:15:39 -0700

On Wed, 2005-10-12 at 23:10 +0100, Bruce Stephens wrote:
> Richard Levitte - VMS Whacker <address@hidden> writes:
>
> [...]
>
> > No, I was thinking of making good use of things like policy attributes
> > to assign roles or rights to a certificate holder. But sure, if you
> > want, there's always the possibility of coupling the whole thing with
> > a replicated LDAP repository and do the math with it :-).
>
> But if your certificate has all those decorations then it's probably
> not so usable for other purposes, so I'd guess that would diminish the
> "single signon" type argument for using X.509?

I strongly agree with this sentiment: use the certs for identification
only, not authorization.

Adding these non-standard attributes to X509 certs is far worse than
inventing your own certificate system: you get all the bloat of an
existing specification, without any of the benefits of that
specification: interoperability, and the use of standard tools and
libraries.

> I suspect that if monotone had an ssh-agent type system (maybe even
> one that actually used ssh-agent, whether or not it used ssh keys),
> then a lot of the irritation with using monotone-specific keys would
> go?
>
> > But you'll have to wait until that RFC is implemented in OpenSSL :-).
>
> OK, not for a couple of weeks, then?
>
> [...]
--
Conrad Steenberg <address@hidden>
California Institute of Technology