continuity of identity
Adam Shostack
adam at homeport.org
Thu Sep 29 17:06:24 EDT 2005
On a somewhat related note, the other day, I was working on a shell
script to automate Mac access to Google's Secure Access system.
Now, as I did this, I was able to get curl to respect a single CA as
the only CA it should accept, but I was totally unable to get any form
of certificate persistence. Is there a way to do this, or am I forced
to invoke openssl and parse its output?
Adam
On Tue, Sep 27, 2005 at 04:05:42PM -0400, John Denker wrote:
| Jerrold Leichter mentioned that:
|
| > a self-
| >signed cert is better than no cert at all: At least it can be used in an
| >SSH-like "continuity of identity" scheme.
|
| I agree there is considerable merit to a "continuity of identity"
| scheme.
|
| But there are ways the idea can be improved. So let's discuss it.
|
| For starters, let me suggest that rather than having a self-signed
| certificate of the type created more-or-less automatically when
| you set up your Apache server or set up your SSH daemon, it makes
| more sense to set up your own CA and issue your own certs from
| there. In some sense this is just a different type of self-signing,
| but it adds a possibly useful layer of indirection.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
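
An added example, not part of the original post: one way to script the SSH-like "continuity of identity" check discussed in this thread, by invoking openssl and remembering the fingerprint seen on first contact. The pin file path and the function names `fetch_fingerprint` and `check_pin` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: SSH-style "continuity of identity" for TLS server certificates.
# PIN_FILE and both function names are hypothetical, not from the original post.
PIN_FILE="${PIN_FILE:-$HOME/.tls_known_hosts}"

# Print the SHA-256 fingerprint of the leaf certificate a server presents.
# Needs network access and the openssl command-line tool.
fetch_fingerprint() {   # usage: fetch_fingerprint host [port]
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Compare a fingerprint with the pin stored for host:port.
# Returns 0 = matches pin, 1 = first contact (pin recorded),
#         2 = mismatch (pin left untouched), 3 = bad input.
check_pin() {           # usage: check_pin host:port fingerprint
    key=$1 fp=$2
    # An empty fingerprint means the fetch failed; never record or accept it.
    [ -n "$key" ] && [ -n "$fp" ] || return 3
    touch "$PIN_FILE" || return 3
    # Exact match on field 1, so "a.example:443" never matches "aa.example:443".
    stored=$(awk -v k="$key" '$1 == k { print $2; exit }' "$PIN_FILE")
    if [ -z "$stored" ]; then
        printf '%s %s\n' "$key" "$fp" >> "$PIN_FILE"
        return 1
    fi
    [ "$stored" = "$fp" ] && return 0
    echo "WARNING: certificate for $key changed (pinned $stored, saw $fp)" >&2
    return 2
}

# Typical use, with a placeholder host name:
#   check_pin "host.example:443" "$(fetch_fingerprint host.example)"
#   case $? in 0|1) curl --cacert ca.pem https://host.example/ ;; *) exit 1 ;; esac
```

A mismatch never overwrites the stored pin, so replacing it after a legitimate certificate rollover is a deliberate manual edit of the pin file, as with SSH's known_hosts.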