[Security] Hosted solutions - client/user certs

Dirk Meyer dmeyer at tzi.de
Sun Aug 24 13:09:14 CDT 2008

Pavel Simerda wrote:
> PubSub will be on virtually every server in the future and it's
> suitable for saving both private and public data.
> The only issue is: do you trust the server list? Maybe you can also
> store your own signatures for the certificates? I don't understand the
> precise purpose of this outline but I believe it should also include
> a listing of security features it is intended to provide.

I trust the server to hold the certificates for clients that can log
in at the server. If the server is bad it does not care anyway. But I
do not trust the server for c2c certificates; they have to be signed
by a key I trust. But we can use the same list for both cases. Keep
the list of client certificates signed on a pubsub node. The server
(which may not be able to verify the signature, but that doesn't
matter) allows all clients with such a certificate to log in. For c2c
all clients use that list including the signature for authentication.


If you explain so clearly that nobody can misunderstand, somebody will.
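
The scheme described in the message above, sketched as an added example that is not part of the original post or of any XMPP specification: one signed list serves both the server's login check (membership only) and the client-to-client check (signature first, then membership). The `SignedList` type, the function names, the use of Ed25519 and the fingerprint strings are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"sort"
	"strings"
)

// SignedList is a constructed model of the pubsub node payload (assumed layout).
type SignedList struct {
	Fingerprints []string // fingerprints of the account's client certificates
	Signature    []byte   // owner's signature over canonical(Fingerprints)
}

// canonical returns the exact bytes that get signed (sorted, newline-joined).
func canonical(fps []string) []byte {
	s := append([]string(nil), fps...)
	sort.Strings(s)
	return []byte(strings.Join(s, "\n"))
}

// NewOwnerKey creates the key pair the account owner signs the list with.
func NewOwnerKey() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(nil) }

// SignList is run by the account owner before publishing the list.
func SignList(owner ed25519.PrivateKey, fps []string) SignedList {
	return SignedList{fps, ed25519.Sign(owner, canonical(fps))}
}

// ServerAllowsLogin is the c2s check: membership only, signature not verified.
func ServerAllowsLogin(l SignedList, fp string) bool {
	for _, f := range l.Fingerprints {
		if f == fp {
			return true
		}
	}
	return false
}

// ClientAcceptsPeer is the c2c check: signature under a trusted key, then membership.
func ClientAcceptsPeer(trusted ed25519.PublicKey, l SignedList, fp string) bool {
	return ed25519.Verify(trusted, canonical(l.Fingerprints), l.Signature) && ServerAllowsLogin(l, fp)
}

func main() {
	pub, priv, _ := NewOwnerKey()
	l := SignList(priv, []string{"fp-laptop", "fp-phone"}) // constructed fingerprints
	fmt.Println(ServerAllowsLogin(l, "fp-phone"), ClientAcceptsPeer(pub, l, "fp-phone"))
}
```

An entry added to the list by the server after signing still passes `ServerAllowsLogin` but fails `ClientAcceptsPeer`, which is the distinction the message draws between the two uses of the list.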
