On Wed, 2005-10-12 at 23:10 +0100, Bruce Stephens wrote:
> Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> writes:
>
> [...]
>
> > No, I was thinking of making good use of things like policy attributes
> > to assign roles or rights to a certificate holder. But sure, if you
> > want, there's always the possibility of coupling the whole thing with
> > a replicated LDAP repository and do the math with it :-).
>
> But if your certificate has all those decorations then it's probably
> not so usable for other purposes, so I'd guess that would diminish the
> "single signon" type argument for using X.509?

I strongly agree with this sentiment: use the certs for identification only, to authorization. Adding these non-standard attributes to X509 certs is far worse than inventing your own certificate system: you get all the bloat of an existing specification, without any of the benefits of that specification: interoperability, and the use of standard tools and libraries.

> I suspect that if monotone had an ssh-agent type system (maybe even
> one that actually used ssh-agent, whether or not it used ssh keys),
> then a lot of the irritation with using monotone-specific keys would
> go?
>
> > But you'll have to wait until that RFC is implemented in OpenSSL :-).
>
> OK, not for a couple of weeks, then?
>
> [...]
>
> _______________________________________________
> Monotone-devel mailing list
> [email protected]
> http://lists.nongnu.org/mailman/listinfo/monotone-devel

--
Conrad Steenberg <[EMAIL PROTECTED]>
California Institute of Technology
