On Thu, Mar 17, 2011 at 2:46 AM, Jan Danielsson
<jan.m.daniels...@gmail.com> wrote:
> On Wed, Mar 16, 2011 at 11:40 PM, Ron Wilson <ronw.m...@gmail.com> wrote:
>> Even the public certs. The public certs you use are your means for
>> authenticating who you trust. You want to be very careful accepting
>> them.
>
>   That's true for distributed web of trusts, but if you're using PKI
> you (typically) use the CA certificate to verify the authenticity of a
> client certificate. It's a different trust model.

I have implemented PKI systems before. The difference is in the rules
used for determining which certs you are willing to trust.

Somebody (you?) mentioned his (your?) company uses smart cards.
Depending on the system, these cards range from secure ways to carry
and present certs for validation, to ones with a hardware crypto
module in both the card and the reader that perform validation using
what is called a Zero Knowledge Proof, so that no certs are ever
actually read out of the card. The card's crypto module can also be
used to generate and validate signatures by providing a copy of what
you want signed or validated to the card (or, more likely, a hash of
what you want signed).

But even without smart cards, the primary rule is that you are only
allowed to trust certs signed by a specified CA, which might be your
company. (A web of trust loosens this rule by allowing a few levels of
indirection.)

Of course, just because your company says you MAY trust certs signed
by their CA does not necessarily mean you want to or even should. In
the most restrictive scenario, you not only require the certs be
signed by your company (and/or other designated CAs), but also that
you already possess trusted copies of the individual certs. Or,
alternatively, you have a list of the IDs of the certs you are willing
to trust - provided they also meet the signing requirements. If the
validated cert does not match, you don't trust it. (Of course, you
also do not trust certs that fail validation.)

>
>   As Joshua mentioned, gpg signing is already supported. But my
> proposition was to add another trust model, for
> organizations/industries which are not allowed to trust anything but
> PKI structures.

The vendor of your company's mandated PKI system likely provides a
similar tool that you can configure Fossil to invoke in much the same
way it invokes gpg. And I am suggesting using that tool. (see: fossil
help settings).
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
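The restrictive trust rule Ron describes above (a cert must chain to the one designated CA, and its identity must additionally match a list you already hold) is easy to turn into a small stand-alone check of the sort Fossil could invoke through its `pgp-command` setting. The script below is an added example, not Ron's code and not part of Fossil; it uses the `openssl` command line, and the CA ("Example Corp CA"), the subjects alice/bob/mallory, and the fingerprint allowlist file are all constructed for the demo. It goes one step past the text by showing both failure modes: a cert the right CA signed but which is not on the allowlist, and a cert that was never signed by the CA at all.

```shell
#!/bin/sh
# Added example: a two-rule cert trust policy (not Fossil's own code).
#   Rule 1: the cert must verify against the one designated CA and nothing else.
#   Rule 2: the cert's SHA-256 fingerprint must already be on a local allowlist.
# Everything below (CA, subjects, allowlist) is constructed test data.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CA_CERT="$WORK/ca.pem"
ALLOWLIST="$WORK/trusted-fingerprints.txt"

# fingerprint <cert.pem>: SHA-256 fingerprint as colon-separated hex
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# check_cert <cert.pem>: exit 0 only when both rules hold
check_cert() {
    cert=$1
    # Rule 1: chain to the designated CA; no system trust store is consulted
    if ! openssl verify -CAfile "$CA_CERT" "$cert" >/dev/null 2>&1; then
        echo "REJECT $cert: does not chain to the designated CA"
        return 1
    fi
    # Rule 2: the cert must be one you already decided to trust individually
    fp=$(fingerprint "$cert")
    if ! grep -qxF "$fp" "$ALLOWLIST"; then
        echo "REJECT $cert: signed by the CA, but $fp is not on the allowlist"
        return 1
    fi
    echo "ACCEPT $cert ($fp)"
    return 0
}

# --- constructed fixtures ---------------------------------------------------
# The company CA (self-signed root, P-256 key, throwaway lifetime).
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -subj "/CN=Example Corp CA" -days 1 \
    -keyout "$WORK/ca.key" -out "$CA_CERT" 2>/dev/null

# issue_cert <name>: a cert for <name> signed by the company CA
issue_cert() {
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -CA "$CA_CERT" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 1 -out "$WORK/$1.pem" 2>/dev/null
}
issue_cert alice      # on the allowlist
issue_cert bob        # CA-signed, but never added to the allowlist

# mallory: a self-signed cert from outside the CA entirely
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -subj "/CN=mallory" -days 1 \
    -keyout "$WORK/mallory.key" -out "$WORK/mallory.pem" 2>/dev/null

# The allowlist you "already possess": only alice's fingerprint.
fingerprint "$WORK/alice.pem" > "$ALLOWLIST"

# Demo run: only alice is accepted.
for name in alice bob mallory; do
    check_cert "$WORK/$name.pem" || true
done
```

The fingerprint allowlist stands in for "trusted copies of the individual certs"; pinning the whole cert file and comparing bytes works the same way, but a fingerprint list is easier to distribute and review. Note that the chain check never falls back to the system trust store (`-CAfile` only), which is what makes "only our CA" an enforced rule rather than a default.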
