X.509 and CA certificates for other purposes (i.e. the IGTF)
I've seen the Debconf '12 discussion on X.509 certificate stores
and the Wiki page that came out of that discussion.
As far as I'm aware there aren't many mentions of  in the public
mailing lists, but I'm very interested to discuss where this is going.

My main interest is the use case for certificates from the science
grid community. The IGTF has a distribution of accredited CAs that
are used world-wide to authenticate both services and users. These are
typically not the kind of CAs you'd trust for on-line banking, but
- compute clusters
- grid storage pools
- science clouds
- science workflow portals

The point I'd like to raise is that the current model of CA
certificates seems to take an all-or-nothing approach: either a CA is
trusted (for whatever purpose) or not. For the IGTF CAs, this may not
be the right approach.

When I started packaging the IGTF distribution for Debian, there
was some discussion about what the right way of doing this would be.
In the light of new(er) ideas raised in, it seems more thought and
discussion is still needed.

I'm offering to help out, either by contributing to the discussion,
providing tooling, testing, etc.

Dennis van Dok
D.H. van Dok :: Software Engineer :: www.nikhef.nl/grid ::
Phone +31 20 592 22 28 :: http://www.nikhef.nl/~dennisvd/