On 2013-03-22 20:02, Martin Paljak wrote:
>
> I've tried to digest KMIP but don't quite get the point.
> If somebody could explain in a sentence or two why I would want to use it,
> would be nice.

If your thing is storage and PCI compliance, KMIP is probably for you.

The KMIP charter is though pretty bogus because the conveners didn't realize that key-management for "slave devices" and human-owned/operated mobile devices are two distinct use-cases that don't benefit from a single standard.

For the latter the Linux world is stuck with a student hack from 1995 known as <keygen>.

That's why I and _thousands_of_other_developers_over_the_globe_ on pretty expensive consulting contracts are building completely unique key-management solutions for "mobile banks".

It is possible that the platform owners believe that the banks' IT-folks are morons. Personally, I think the problem is rather that the banks and platform owners probably never ever have met!

Anders

>
> --
> Sent from a device without a proper keyboard...
>
> On 22 Mar 2013 19:54, "Anders Rundgren" <[email protected]> wrote:
>
> On 2013-03-22 11:11, Stef Walter wrote:
> > On 03/22/2013 10:13 AM, Anders Rundgren wrote:
> >> IMO mobile devices need something else than GCR; they need an integrated
> >> keystore and enrollment system.
> >
> > gcr is just a library with some widgets and some bits for prompting,
> > parsing certificate files, and so on. Nothing fancy, just a grab bag of
> > tools.
> >
> >> The competition will have that at least:
> >>
> >> http://webpki.org/papers/PKI/certenroll-features.pdf
> >>
> >> This is running in a PoC format on Android.
> >>
> >> To succeed you also need to bring in Mozilla who also work
> >> with their own Mobile OS (which is lagging wrt user-keys).
> >>
> >> I would be interested in working with this but I feel that
> >> everybody is really waiting for Google since they are the
> >> market leader in this space.
> >
> > Anders, you keep bringing up certificate enrollment on every mailing
> > list. I applaud your enthusiasm, and that's certainly something that's
> > worthwhile to work on.
> >
> > But just talking about it non-stop doesn't help it get done. I would be
> > keenly interested, and a big fan, if you were to work on integrating
> > this into Linux (desktop or otherwise).
> >
> > I would support work to integrate this into our stack (gnome-keyring,
> > seahorse, gcr, ...), if that's how you want to go about it. Or if you'd
> > rather do something separate, then that's cool too.
>
> I think the problem with this issue is that the scope of the project goes
> over so many different pieces that there's no chance for an individual
> to master it all. This is probably the reason why Microsoft never
> managed creating an enrollment system for consumers. Can the Linux
> community do that? In theory they could but in practice it seems
> unlikely unless some of the larger parties pay for the job.
>
> In case you are really interested we should have a virtual conference
> about certificate enrollment and key-stores.
>
> >
> > Perhaps you've already done work here, so maybe I just haven't seen work
> > to integrate it into any Linux platform that I regularly interact with.
> >
> > Are you part of the KMIP technical committee?
>
> I think KMIP will get zero support from the big vendors because
> it doesn't address consumers' needs.
>
> Cheers,
> Anders
>
> >
> > Cheers,
> >
> > Stef
> >
> _______________________________________________
> gnome-keyring-list mailing list
> [email protected]
> https://mail.gnome.org/mailman/listinfo/gnome-keyring-list
