Raphael Hertzog <hert...@debian.org> writes: > On Mon, 06 May 2013, Joerg Jaspert wrote:
>> Nah, the webinterface just should end up like the DAM webinterface: You >> do whatever you need, then click a button - and voila, there is >> everything ready to copy/paste into a MUA. Send with sig, done. > Why? This is just a band-aid and not what I would call a web interface. > And except lazyness I don't see a good reason for that. Web interfaces > can be secure (and with an audit trail in case of breach). After all we > can manage our Debian passwords over a web interface... That level of security isn't great, though. GPG keys are much more secure than that password. What we would want for equivalent security in a web interface is personal X.509 certificates. I think it would be interesting to have that infrastructure in place, but someone would need to build it (probably with some mechanism to bootstrap GPG keys into X.509 certificates -- and be careful of expiration times and figure out a good way to deal with revocation). -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87haibnb9y....@windlord.stanford.edu
