Ivan writes:: While you may believe the setup you have in mind is easy and uncomplicated, the odds are *overwhelmingly*, **super-stunningly** stacked against you to make PKI work the way you want in production. The fact that TLS client certs, in particular, have zero commercial end-user deployment uptake, should tell you something.I cannot recommend more strongly to stay the bloody hell away from the entire real PKI/X.509/CAs morass. A solution based on e.g. SSH and key continuity is, while certainly less traditional, enormously likely to work out better in practice.
This is an assertion, not an argument. It is also factually incorrect.
_______________________________________________ Sugar mailing list Sugar@lists.laptop.org http://lists.laptop.org/listinfo/sugar