[Freedombox-discuss] my summary of yesterday's Hackfest
On 1 March 2011 18:00, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On 03/01/2011 11:50 AM, Melvin Carvalho wrote:
>> Why not use the same key pair to generate an X.509 cert and a GPG key,
>> and have the best of both worlds?
> Sure, you can generate an arbitrary number of X.509 certificate requests
> from a given key, whether or not that key has been used to create an
> OpenPGP certificate. ?Who will sign those certificate requests? ?Which
> certifiers should the FreedomBox trust?
> The question for this list is whether FreedomBox should be relying on
> X.509 certificates for authentication, or whether it should prefer a
> certificate model that was designed from the ground up to be
> decentralized (as OpenPGP is).
> I have no objections to using X.509 certificates as simple, "dummy"
> public-key carriers (as soon as i can find the time, i hope to publish
> some work that encourages this use case, in fact).
> But I do have a strong objection to contaminating the Freedom Box with
> the flawed certificate authority model currently used by the
> "widely-adopted" mass of X.509 software.
Self sign your X.509 and you dont need a CA.
>> I think the GNOME keyring is doing some unification work in this area.
> i'd be interested to see a pointer to this work.
> ? ? ? ?--dkg
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org