Cryptographically Strong Software Distribution HOWTO

Rich Salz rsalz at zolera.com
Tue Jul 3 12:15:24 EDT 2001


> Oh? How? All you are suggesting is that the role key is held by a CA -
> well, who is that going to be, then?

Unh, no.  The same way the ASF determines who gets commit access could
be the same way the ASF determines who their CA will give
release-signing keys to. The same way the ASF takes away someone's
commit access is the same way they could update the CRL.

All those key update, distribution, revocation, etc., stuff -- all those
hard problems you said you want to automate -- go away.  Recipients need
only trust the Apache CA and its CRL.
	/r$



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com