Re: Bootstrapping

[Nate Campi]

On Wed, Feb 18, 2004 at 05:59:36PM +0100, Mark.Burgess@iu.hio.no wrote:
> 
> A fingerprint model is a possibilty but then you have the
> issue of how to refer to the owners of those keys in the
> admit: ACLs. If you cannot know the IP address, then how do
> you do access control? Using random fingerprints would be
> very cumbersome to maintain.

Offhand I can't think of a way around it. With the mobile hosts, the
cfservd process they phone home to probably doesn't use a whole lot in
the way of admit: restrictions anyways. Most of the access control will
be whether or not the connection is allowed after key exchange, then yes
or no stuff in the admit sections (as in don't allow cfrunCommand but
allow anyone we allow connections from to copy any files we give cfservd
access to).

That's how it seems to me, anyways.
-- 
Nate

"A man who won't die for something is not fit to live." 
 -Martin Luther King, Jr.  
 
"The report of my death was an exaggeration." 
 -Mark Twain, After reading his own obituary, June 2, 1897