Date: Thu, 18 May 2000 11:54:31 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: Wes Peters <wes@softweyr.com>
Cc: security@FreeBSD.org
Subject: CAs (was: Re: HEADS UP: New host key for freefall!)
Message-ID: <200005181554.LAA05366@khavrinen.lcs.mit.edu>
In-Reply-To: <3923A26C.2E61D1E1@softweyr.com>
References: <Pine.NEB.3.96L.1000517091336.20229A-100000@fledge.watson.org> <Pine.BSF.4.21.0005170922460.48263-100000@freefall.freebsd.org> <200005171951.PAA15001@khavrinen.lcs.mit.edu> <3923A26C.2E61D1E1@softweyr.com>

<<On Thu, 18 May 2000 01:57:32 -0600, Wes Peters <wes@softweyr.com> said:

> Right. Our needs are relatively simple:

> o Generate and keep safe a CA key.

Sure.

> o Sign a certificate request for each committer.

I don't see that this is necessary or useful.

> o Generate and keep safe a certificate for each "hat".

Generate and keep safe a *key* for each role account. The certificate
itself is by design public knowledge.

> o Be able to transfer certificates from one person to another when a
>   new head fills a "hat".

Again, s/certificate/key/g.

> There is a lot more than email to be considered here. New SSH keys
> for freefall could be much more easily posted on a secure web page
> than emailed to the whole world.

But doing so wouldn't prove anything. In a case like this, the new
key needs to be vouched for by a specific person: the person who
installed the new key (in this case, the root@FreeBSD.org role
account). In such a circumstance, X.509 has little advantage and lots
of unnecessary complexity and cost over something like PGP.

-GAWollman

--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message