Hi,

I've seen the Debconf '12 discussion on X.509 certificate stores[1]
and the Wiki page that came out of that discussion[2].

1. http://www.irill.org/videos/debconf-12/895_X.509_Cert_Store_Discussion.mp4
2. http://wiki.debian.org/X.509

As far as I'm aware there aren't many mentions of [2] in the public
mailing lists, but I'm very interested to discuss where this is going.

My main interest is the use case for certificates from the science
grid community. The IGTF[3] has a distribution of accredited CAs that
are used world-wide to authenticate both services and users. These are
typically not the kind of CAs you'd trust for on-line banking, but
services like:

 - compute clusters
 - grid storage pools
 - science clouds
 - science workflow portals
 - etc.

3. http://www.igtf.net

The point I'd like to raise is that the current model of CA
certificates seems to take an all-or-nothing approach: either a CA is
trusted (for whatever purpose) or not. For the IGTF CAs, this may not
be the right approach.

When I started packaging the IGTF distribution for Debian[4], there
was some discussion about what the right way of doing this would be.
In the light of new(er) ideas raised in [2], it seems more thought and
discussion is still needed.

I'm offering to help out, either by contributing to the discussion,
providing tooling, testing, etc.

Thanks,

Dennis van Dok
-- 
D.H. van Dok :: Software Engineer :: www.nikhef.nl/grid ::
Phone +31 20 592 22 28 :: http://www.nikhef.nl/~dennisvd/


Archive: http://lists.debian.org/519f41bd.10...@nikhef.nl
