continuity of identity

Adam Shostack adam at
Thu Sep 29 17:06:24 EDT 2005

On a somewhat related note, the other day, I was working on a shell
script to automate Mac access to Google's Secure Access system.  

Now, as I did this, I was able to get curl to respect a single CA as
the only CA it should accept, but I was totally unable to get any form
of certificate persistence.  Is there a way to do this, or am I forced
to invoke openssl and parse its output?


On Tue, Sep 27, 2005 at 04:05:42PM -0400, John Denker wrote:
| Jerrold Leichter mentioned that:
| > a self-
| >signed cert is better than no cert at all:  At least it can be used in an 
| >SSH-like "continuity of identity" scheme.
| I agree there is considerable merit to a "continuity of identity"
| scheme.
| But there are ways the idea can be improved.  So let's discuss it.
| For starters, let me suggest that rather than having a self-signed
| certificate of the type created more-or-less automatically when
| you set up your Apache server or set up your SSH daemon, it makes
| more sense to set up your own CA and issue your own certs from
| there.  In some sense this is just a different type of self-signing,
| but it adds a possibly useful layer of indirection.
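
The SSH-like "continuity of identity" check discussed in this thread, as an added example that is not part of the original post: a Python sketch that records the SHA-256 fingerprint of a server certificate on first contact and reports any later change. The store path, host label and certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding of a certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def check_continuity(store_path: str, host: str, der: bytes) -> str:
    """Return 'first-seen', 'match' or 'changed' for this host's certificate.

    store_path is a hypothetical JSON file mapping host -> fingerprint,
    playing the role of SSH's known_hosts.
    """
    pins = {}
    if os.path.exists(store_path):
        with open(store_path) as f:
            pins = json.load(f)
    fp = fingerprint(der)
    known = pins.get(host)
    if known is None:
        # First contact: remember the certificate (trust on first use).
        pins[host] = fp
        tmp = store_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(pins, f, indent=2, sort_keys=True)
        os.replace(tmp, store_path)  # atomic, so a crash cannot truncate pins
        return "first-seen"
    # A mismatch never overwrites the stored pin; the caller must decide.
    return "match" if hmac.compare_digest(known, fp) else "changed"


if __name__ == "__main__":
    # Constructed stand-ins for DER bytes. Against a live server they could
    # come from ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((h, p))).
    cert_a = b"constructed-certificate-A"
    cert_b = b"constructed-certificate-B"
    store = os.path.join(tempfile.mkdtemp(), "known_certs.json")
    for der in (cert_a, cert_a, cert_b):
        print(check_continuity(store, "vpn.example.test:443", der))
```

Pinning the fingerprint of a private CA certificate instead of the server certificate gives the layer of indirection suggested in the quoted message: server certificates can be reissued without tripping the check.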
