[Fwd: Account Security Question]

[Ignacio Vazquez-Abrams]

For your consideration.

-------- Forwarded Message --------
From: Michael Tant <mtant621 at charter.net>
To: webmaster at fedoraproject.org
Subject: Account Security Question
Date: Wed, 7 Jan 2009 14:22:20 -0500

Upon creating my account on the fedoraproject site, I was asked to
submit a public key and download a client certificate.  First, what is
the public key used for?  I sent a 1024 rsa pubkey made with ssh-keygen.
Does it have to be rsa or can I change that to a 2048 dsa key?  I
commonly use my windows side to access the internet and my linux side
more as a server than a terminal side, though it has client side
available.  Should the dsa public key be kept on the browser side, or
isolated to the linux side?  The Private Key is kept offline on
removable media.
 
In regards to the certificate, it requests I add this to a particular
location in the system.  Is the certificate used to authenticate my
sessions with fedoraproject or just for the purposes of linux
developing?  If it is used for authentication, can this be used on a
windows based system, or should I login from my linux side?  I'm not a
developer as of yet, my programming skills are hardly up to par yet.
Regardless of the use, events of yesterday lead me to ask, is this a MD5
hash or SHA1 or SHA2 hash?  I ask this because of the collision exploit
to md5 certificates.  Please let me know, and if it is a MD5 hash, can I
request a SHA clientside certificate?  
 
Being new to Linux, I am thrilled to to have membership in
fedoraproject, as I have found linux nearly superior to windows in many
areas.  
 
Thank You,
 
Michael Tant

-- 
Ignacio Vazquez-Abrams <ivazqueznet at gmail.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20090107/c2da14ae/attachment.sig>