ANNOUNCE: Review requests
enrico.scholz at informatik.tu-chemnitz.de
Sat Mar 19 00:25:11 UTC 2005
ivazquez at ivazquez.net (Ignacio Vazquez-Abrams) writes:
>> So I think, that GPG based authentication is much more secure than the
>> HTTP authentication.
> How about cert-based authentication?
It will be secure also, but I am not a big friend of it, because:
* it makes you depending on a single point of failure (the CA). IMO, not
very much developers are willing to pay for a cert from a well known
CA. RH could run an own CA but as cert-generation will have to happen
semi-automatic (e.g. for every new bugzilla login), I am not sure if
this can happen in a secure way. The CA itself will have to be in a
secure physical location which leads to additional costs also.
When the CA gets compromitted, *all* certs will be void also.
* I am concerned about my privacy: everytime, when I visit www.redhat.com
my cert would be transmitted and I would identify myself. Perhaps not a
problem with RH, but generally, I want to keep some anonymity in the
* it is not trackable. With GPG based authentication, you could store the
GPG signed steering messages (e.g. "I guarantee, that project foobar
does not violate current laws and ...") with their signature. IMHO, it
is easier to convince a judge that such messages were originated by
you, instead of trying to explain the SSL protocol which was used to
transmit the message.
* SSL certs are bundled with the browser and can you guarantee that
which can transmit arbitrary content to redhat.com? With GPG you can
add some security by forbidding direct usage of the GPG key (e.g
browsing as a different user or applying an SELinux policy which
denies reading of ~/.gnupg for firefox).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 480 bytes
Desc: not available
More information about the fedora-extras-list