I searched the above combination of keywords on http://marc.theaimsgroup.com/ and got nothing. I assume, then, that this group has no messages dealing with the question of whether or not I can use GnuPG to create certificates that I can use to support https on Apache.
The more general searches I used provided lots on the details of creating certificates and keys for use in encrypting and signing documents, but nothing on the more specific questions of practical application. I actually have a couple concerns. One dealing with supporting HTTPS on the Apache web server (instead of buying one from, e.g., GoDaddy - and a related question being can I sign a web page, which may not be sent via https, so that the user viewing it knows it has not been altered in transit) and the other dealing with authentication of users submitting data to a web application that lives on Apache, and similarly the authentication of folk sending email to my server, in both cases, meaning, is the person providing the data who he says he is. For this second issue, it is a question of being able to support non-repudiation (i.e. to ensure a person can't enter data on one date and then deny he did so subsequently). I have read enough to know I can use GnuPG to encrypt data on my various machines, but I haven't yet found where to look for information dealing with practical application in securing web applications and proving the identity of users of those applications. In ecommerce, for example, one of the big risks involves customers buying a product or service and then demanding a refund claiming he didn't buy that product or service but rather someone was impersonating him. I am looking to see if there is a practical application of GnuPG to let me prove that a user is who he says he is and take that a step further in providing evidence that the user did, in fact, make the purchase he now denies (i.e. non-repudiation). I recall, when I first read about PGP, many years ago, there was a section that talked abstractly about non-repudiation, but now I am looking study the practicalities of applying it in a selection of web applications (and these applications do involve use of email, so that needs to be secured also). I don't expect anyone to write a tome on this, but a few links on, first, is it possible, and then, if so, how to deploy on Suse or Ubuntu Linux, would be appreciated. NB: I have a growing collection of tools I can use to support my efforts, so in a sense, this is a question of whether or not I can, and should, add GnuPG to my toolkit. Cheers Ted
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users