ANNOUNCE: Review requests

Enrico Scholz enrico.scholz at
Sat Mar 19 00:25:11 UTC 2005

ivazquez at (Ignacio Vazquez-Abrams) writes:

>> So I think that GPG-based authentication is much more secure than the
>> HTTP authentication.
> How about cert-based authentication?

It will be secure also, but I am not a big friend of it, because:

* it makes you dependent on a single point of failure (the CA). IMO, not
  very many developers are willing to pay for a cert from a well-known
  CA.  RH could run its own CA, but as cert generation will have to happen
  semi-automatically (e.g. for every new bugzilla login), I am not sure if
  this can happen in a secure way. The CA itself will have to be in a
  secure physical location, which leads to additional costs also.

  When the CA gets compromised, *all* certs will be void also.

* I am concerned about my privacy: every time I visit
  my cert would be transmitted and I would identify myself. Perhaps not a
  problem with RH, but generally, I want to keep some anonymity in the

* it is not trackable. With GPG based authentication, you could store the
  GPG signed steering messages (e.g. "I guarantee, that project foobar
  does not violate current laws and ...") with their signature. IMHO, it
  is easier to convince a judge that such messages were originated by
  you, instead of trying to explain the SSL protocol which was used to
  transmit the message.

* SSL certs are bundled with the browser and can you guarantee that
  there are no cross-site scripting attacks or javascript weaknesses
  which can transmit arbitrary content to  With GPG you can
  add some security by forbidding direct usage of the GPG key (e.g.
  browsing as a different user or applying an SELinux policy which
  denies reading of ~/.gnupg for firefox).
