> > and you've just multiplied your public key computation
> > load by a factor of three or four.
> No, you "merely" double it. One - check that the identity cert is
> valid, two - that the attribute cert that *you* are interested in
> (out of a dozen that may be attached to this identity cer
> For both the responses I got, it looks like the server needs
> to access the information (whether identity or attribute or
> whatever) present in the certificate and use that to decide
> the permissions for the peer that represented this certificate.
> Is my understanding correct?
Partially so
> Well, the Subject Distinguished Name should have the
> Organization...
Can you envision long-lived certs issued by gov't - like passports? In that
case, Organization would not have the same semantics. But this is less
relevant for our discussion.
> ...but I strongly disagree with you if you th
On 2007.05.25 at 08:16:19 -0400, Mouse wrote:
> I'm driving at Attribute Certificates. They are supposed to have shorter
> life than identity certs, but still long enough to be usable.
I've seen a project to add attribute certificates to OpenSSL.
http://openpmi.sourceforge.net/
You can try to down
Thank you very much for the response.
For both the responses I got, it looks like the server needs to access the
information (whether identity or attribute or whatever) present in the
certificate and use that to decide the permissions for the peer that
represented this certificate.
Is my understandi
Mouse wrote:
> I.e. for the sake of the argument identity
> "Michael" may have an attribute "employee of Tenebras", and another
> attribute "permitted access to dev repository A12".
Well, the Subject Distinguished Name should have the Organization,
but I strongly disagree with you if you think a
> > ... is it necessary to
> > issue ONE certificate to EACH individual.
>
> Yes. The problem of granting access based on membership in a
> group is an authorization problem.
Correct.
> This doesn't have
> anything to do with certificates -- permissions and roles
> change independently of
Urjit Gokhale wrote:
It seems that you are making the common mistake of conflating authentication
with authorization. Certs are useful in binding pubkeys to identities and
subsequently in verifying possession of the private key by being able to
perform decryption.
The SSL protocol has provision
Hello,
> I would like to have your opinion on one scenario, and my approach to
> provide needed functionality:
> 1) I have a server that listens to connection requests from the clients over
> the internet (meaning anyone and everyone who knows my ip/port can send me
> connection request. I am not b
Still no response :-(
Could someone please help me clarify my doubts?
thanks,
~ Urjit
- Original Message -
From: "Urjit Gokhale" <[EMAIL PROTECTED]>
To:
Sent: Thursday, May 24, 2007 4:28 PM
Subject: Re: Certificates, users and machines
> Thanks for your reply.
>
: "Kyle Hamilton" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, May 16, 2007 4:45 PM
Subject: Re: Certificates, users and machines
> A certificate binds the public key of a public/private (asymmetric)
> key pair with additional information.
> A certificate is trusted by some trusting
I hope this information helps.
-Kyle H
Thank you for your response and information about the proxies.
I now have a feeling that to write a verification callback function, I will
need to retrieve the information stored in the certificate that the peer has
sent to me.
If you want t
> A certificate binds the public key of a public/private (asymmetric)
> key pair with additional information.
> A certificate is trusted by some trusting authority. In most cases,
> this is a certifying authority (CA) -- and the asymmetric signature
> by the CA is an assertion that the CA believes
On 2007.05.16 at 16:03:38 +0530, Urjit Gokhale wrote:
>Hello everyone,
>
>I have some doubts about certificates, which I wish to get clarification
>on.
>
>Here is my understanding about certificates:
>* Certificates bind the public key with some other information like the
>
A certificate binds the public key of a public/private (asymmetric)
key pair with additional information.
A certificate is trusted by some trusting authority. In most cases,
this is a certifying authority (CA) -- and the asymmetric signature
by the CA is an assertion that the CA believes tha
Hello everyone,
I have some doubts about certificates, which I wish to get clarification on.
Here is my understanding about certificates:
* Certificates bind the public key with some other information like the name of
the owner(user), who generated the certificate, the validity period etc.
* The
16 matches