Quoting Russ Allbery (2013-05-16 18:37:06)
> So, again, it comes down to what problem we're trying to solve. If
> the problem is just how do we authenticate Debian contributors to
> Debian systems, then we're actually in the institutional case and we
> don't have to trust anyone outside the project: we can deploy our own
> central authentication system -- a CA, a Kerberos KDC, or any other
> authentication system of choice -- and have all parties trust it, and
> that will be much simpler and much easier to analyze than any of the
> distributed models. Once we have our own CA, we could of course do
> secure WebID if we wanted to using that CA (modulo the inherent
> dubiousness of substituting endpoint authentication for user
> authentication),

Above is *exactly* what I would love Debian to do.

> but it's not clear to me why we'd bother as opposed to just issuing
> client X.509 certificates with the metadata already included.

Because the very separation of identifiers from the identified makes the identifiers usable to reliably semantically express Web of Data.

http://linkeddata.org/

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private