On Dec 3, 2007 2:26 PM, Stef Walter <[EMAIL PROTECTED]> wrote:
> Luis Villa wrote:
> > Comment 1: this is awesome. I'm very psyched to finally see proper ssh
> > support, and in general to see better identity/key management in
> > GNOME. This is hugely important- I think much more so than people seem
> > to realize.
>
> Yes. I hope that with a solid modern PK infrastructure, applications
> will be able to use encryption in a way that doesn't stomp on users' toes.

Absolutely. Very exciting.

> > Comment 2: will I still be required to re-auth post login with this
> > release? or will access to the default keyring now be automatic with
> > login? (You make reference to a 'login keyring', so I'm optimistic
> > this is what you mean, but I wanted to double-check.)
>
> Yes, this is probably the most compelling reason for GNOME having a real
> certificate and key store: The integration with the user's login.
>
> gnome-keyring 2.20 included support for unlocking the user's keyrings
> with the user's login password. And the current certificate store builds
> on that functionality.
>
> The 'login' keyring is a keyring that is unlocked by PAM upon successful
> authentication. When a private key needs to be unlocked (for example
> when using it to do an SSH login), the 'login' keyring is checked for a
> relevant password.

Hrm. Will applications need to be modified to store to this keyring
instead of the default keyring?

> > Comment 3: have you talked to the Novell guys working on the Bandit
> > Project aka DigitalMe? I just installed their linux build and firefox
> > plugin[1] and got a really great authentication experience with two
> > sites that use the CardSpace aka InfoCard standard.[2] It seems to
> > already interoperate with the keyring, which is great, but it seems
> > like it would be good if GNOME made sure to reach out to them and make
> > sure that we're providing what they need.
>
> Interesting. I'll drop them a note [1].

> [1] ... once I can manage to figure out how to access their mailing list
> without giving them an insane amount of personal info and '[x] we can
> spam you and yours' in order to create a 'Novell' account.

Ah, Novell. Two steps forward, one step back.

Luis
