On Fri, May 10, 2013 at 4:33 AM, Russ Allbery wrote:

> That level of security isn't great, though. GPG keys are much more secure
> than that password. What we would want for equivalent security in a web
> interface is personal X.509 certificates.
>
> I think it would be interesting to have that infrastructure in place, but
> someone would need to build it (probably with some mechanism to bootstrap
> GPG keys into X.509 certificates -- and be careful of expiration times and
> figure out a good way to deal with revocation).

That mechanism already exists (and supports SSH too):

http://web.monkeysphere.info/

The monkeysphere developers are Debian folks and have discussed
monkeysphere with DSA at various DebConfs.

--
bye,
pabs

http://wiki.debian.org/PaulWise