Oh, you mean using a certificate for c2s authentication. Good point.

Pavel

On Sun, 24 Aug 2008 20:09:14 +0200
Dirk Meyer <[EMAIL PROTECTED]> wrote:

> Pavel Simerda wrote:
> > PubSub will be on virtually every server in the future and it's
> > suitable for saving both private and public data.
> >
> > The only issue is: do you trust the server list? Maybe you can also
> > store your own signatures for the certificates? I don't understand
> > the precise purpose of this outline but I believe it should also
> > include a listing of security features it is intended to provide.
>
> I trust the server to hold the certificates for clients that can log
> in at the server. If the server is bad it does not care anyway. But I
> do not trust the server for c2c certificates, they have to be signed
> by a key I trust. But we can use the same list for both cases. Keep
> the list of client certificates signed on a pubsub node. The server
> (which may not be able to verify the signature but that doesn't
> matter) allows all clients with such a certificate to log in. For c2c
> all clients use that list including the signature for authentication.
>
>
> Dirk
>

--
Web: http://www.pavlix.net/
Jabber & Mail: pavlix(at)pavlix.net
OpenID: pavlix.net
