On 24 Aug 2008, at 20:09, Dirk Meyer wrote:

Pavel Simerda wrote:
PubSub will be on virtually every server in the future and it's
suitable for saving both private and public data.

The only issue is: do you trust the server list? Maybe you can also
store your own signatures for the certificates? I don't understand the
precise purpose of this outline but I believe it should also include
a listing of security features it is intended to provide.

I trust the server to hold the certificates for clients that can log
in at the server. If the server is bad it does not care anyway. But I
do not trust the server for c2c certificates, they have to be signed
by a key I trust. But we can use the same list for both cases. Keep
the list of client certificates signed on a pubsub node. The server
(which may not be able to verify the signature but that doesn't
matter) allows all clients with such a certificate to log in. For c2c
all clients use that list including the signature for authentication.


Certificates have no sensitive information - a signed document
with some data and a public key. The fact that I have a few
self-signed certificates for clients might be sensitive, so the
server needs some sort of ACL for these lists. But no one can
gain access just by getting the certificates.

I would not trust the server to hold my credentials - neither
my private key nor my password.

Dirk - after thinking about it for a while, I believe that the
user/cert concept is outside of the scope of the c2c communications
solution, even though they're an important concept in those cases.
The secure c2c document will have to refer to this doc, but I think
that user/client delegation requires its own document.

/O
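
The trust split discussed in the thread above (the server only checks that a client certificate is on the list, while c2c peers also verify the list signature against a key they trust), as an added example that is not part of the original messages. The list layout, the SHA-256 fingerprints and the use of Ed25519 are assumptions chosen for illustration; the thread does not specify a format or algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sort"
	"strings"
)

// CertList is the list kept on the pubsub node (layout is an assumption).
type CertList struct {
	Fingerprints []string // hex SHA-256 of each client certificate
	Signature    []byte   // made with the user's own key, never the server's
}

func fingerprint(cert []byte) string { return fmt.Sprintf("%x", sha256.Sum256(cert)) }

// canonical returns the bytes that get signed: sorted fingerprints, one per line.
func canonical(fps []string) []byte {
	s := append([]string(nil), fps...)
	sort.Strings(s)
	return []byte(strings.Join(s, "\n"))
}

// ServerAllowsLogin checks membership only; the server need not verify the signature.
func ServerAllowsLogin(l CertList, cert []byte) bool {
	for _, f := range l.Fingerprints {
		if f == fingerprint(cert) {
			return true
		}
	}
	return false
}

// PeerAcceptsC2C also requires a valid signature from a key the peer trusts.
func PeerAcceptsC2C(trusted ed25519.PublicKey, l CertList, cert []byte) bool {
	return ed25519.Verify(trusted, canonical(l.Fingerprints), l.Signature) && ServerAllowsLogin(l, cert)
}

func main() {
	pub, user, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	laptop, rogue := []byte("laptop cert (constructed)"), []byte("rogue cert (constructed)")
	list := CertList{Fingerprints: []string{fingerprint(laptop)}}
	list.Signature = ed25519.Sign(user, canonical(list.Fingerprints)) // signed by the user
	list.Fingerprints = append(list.Fingerprints, fingerprint(rogue)) // a bad server edits the list
	fmt.Println(ServerAllowsLogin(list, rogue), PeerAcceptsC2C(pub, list, rogue))
}
```

Once the stored list is modified, the signature no longer covers its contents, so c2c peers reject every entry on it until the user signs a fresh list.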
