[Freedombox-discuss] my summary of yesterday's Hackfest

Melvin Carvalho melvincarvalho at gmail.com
Tue Mar 1 17:08:52 UTC 2011


On 1 March 2011 18:00, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On 03/01/2011 11:50 AM, Melvin Carvalho wrote:
>> Why not use the same key pair to generate an X.509 cert and a GPG key,
>> and have the best of both worlds?
>
> Sure, you can generate an arbitrary number of X.509 certificate requests
> from a given key, whether or not that key has been used to create an
> OpenPGP certificate.  Who will sign those certificate requests?  Which
> certifiers should the FreedomBox trust?
>
> The question for this list is whether FreedomBox should be relying on
> X.509 certificates for authentication, or whether it should prefer a
> certificate model that was designed from the ground up to be
> decentralized (as OpenPGP is).
>
> I have no objections to using X.509 certificates as simple, "dummy"
> public-key carriers (as soon as I can find the time, I hope to publish
> some work that encourages this use case, in fact).
>
> But I do have a strong objection to contaminating the Freedom Box with
> the flawed certificate authority model currently used by the
> "widely-adopted" mass of X.509 software.

Self-sign your X.509 and you don't need a CA.

>
>> I think the GNOME keyring is doing some unification work in this area.
>
> I'd be interested to see a pointer to this work.

http://memberwebs.com/stef/misc/guadec-usable-crypto.pdf

>
>        --dkg
>
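
An added illustration of the idea discussed in this thread (not code from either poster or from the FreedomBox project): one key pair is used to self-sign two X.509 certificates with different subjects, and a peer accepts a certificate by comparing the SHA-256 of its public key with a pinned value, so the certificate acts only as a public-key carrier and no CA is consulted. The file names, subject names and helper functions are assumptions made for the example, and the OpenPGP side is not shown.

```shell
#!/bin/sh
# Constructed demo: certificates as plain public-key carriers, trusted by key pin.
set -eu
umask 077   # private keys written below must not be group/world readable

# SHA-256 (hex) of the DER-encoded SubjectPublicKeyInfo in PEM certificate $1.
spki_pin() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Self-signed certificate for the existing private key $1, CN $2, written to $3.
self_sign() {
    openssl req -new -x509 -key "$1" -subj "/CN=$2" -days 365 -out "$3" 2>/dev/null
}

# Succeeds only if certificate $1 carries the key pinned as $2.
# Issuer, subject and signature chain play no part in the decision.
pin_check() {
    [ "$(spki_pin "$1")" = "$2" ]
}

# Builds the sample material in directory $1 (all names are constructed):
#   a.pem, b.pem  same key, different subjects
#   c.pem         same subject as a.pem, different key
make_demo_certs() {
    for k in box other; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$1/$k.key" 2>/dev/null
    done
    self_sign "$1/box.key"   "freedombox.example"   "$1/a.pem"
    self_sign "$1/box.key"   "another-name.example" "$1/b.pem"
    self_sign "$1/other.key" "freedombox.example"   "$1/c.pem"
}

d=$(mktemp -d)
make_demo_certs "$d"
pin=$(spki_pin "$d/a.pem")   # the value a peer would record out of band
for c in a b c; do
    if pin_check "$d/$c.pem" "$pin"; then
        echo "$c.pem: key matches pin, accepted"
    else
        echo "$c.pem: different key, rejected"
    fi
done
rm -rf "$d"
```

The pin only says which key a certificate carries; how a peer learns the right pin in the first place is the certification question raised in the quoted message.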


