On 21 Nov 2010, at 6:59 AM, Sander Temme wrote:

>> Thanks for the link Issac. If this is already in Apache, why isn't
>> everyone using it?
>
> Because key management is just too freaking hard, and too much of a
> management and support burden.
>
> For God's sake, if we can't even get the Apache developer community
> to use PGP without handholding, how would you expect the general
> public to handle this tech?

In our experience, the hardest part about using certificates is
overcoming the perception held by technical people that it's hard to
use certificates.

Over the last three years, we have rolled out a certificate-based
infrastructure across a large organisation, with certs for all
employees and external suppliers. The basic premise is that usernames
and passwords are banned (unless completely unavoidable), and that
your certificate gives you whatever access you need. Everything that
requires "registration" of some kind has been configured to
auto-register people from details in the certificates, so we have no
centralised directory of any kind for people with certificates. Lots
of problems evaporated as a result. When the certificate expires, or
is revoked, the portcullis comes crashing down and you're locked out
everywhere. There are no residual "does person X still have access"
problems.

For end users, life is simple. If you need to access something, you
simply go there, job done. No login forms, no registration, no asking
somebody for access, no "forgot your password" forms, no obscure
username that is annoyingly different to all your other usernames.

In our experience, unlike technical people, end users don't know that
certificates are supposed to be hard, and so have never known they
were supposed to consider certificates a problem. As a result, it's
been very successful.

Regards,
Graham
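
A sketch of the auto-registration described in the message above, as an added example that is not part of the original post or of the deployment it describes. It assumes Apache mod_ssl sits in front of the application and exports the SSL_CLIENT_* variables; the function names, account layout and sample values are hypothetical.

```python
# Added example with constructed data. Assumes Apache mod_ssl in front of the
# app with "SSLVerifyClient require" and "SSLOptions +StdEnvVars", which
# exports the SSL_CLIENT_* variables read below.

class AccessDenied(Exception):
    pass

def identity_from_env(environ):
    """Return (issuer DN, subject DN) only for a certificate the server verified."""
    # mod_ssl reports NONE, SUCCESS, GENEROUS or FAILED:reason; accept SUCCESS only.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        raise AccessDenied("no verified client certificate")
    issuer = environ.get("SSL_CLIENT_I_DN")
    subject = environ.get("SSL_CLIENT_S_DN")
    if not issuer or not subject:
        raise AccessDenied("certificate DNs missing")
    return issuer, subject

def auto_register(environ, accounts):
    """Find or create the local account for the presented certificate."""
    # Key on issuer and subject together: the same subject text signed by a
    # different CA is treated as a different identity, and a renewed
    # certificate (new serial, same DNs) maps back to the existing account.
    key = identity_from_env(environ)
    account = accounts.get(key)
    if account is None:
        account = {
            "name": environ.get("SSL_CLIENT_S_DN_CN", ""),
            "email": environ.get("SSL_CLIENT_S_DN_Email", ""),
            "serials": set(),
        }
        accounts[key] = account
    account["serials"].add(environ.get("SSL_CLIENT_M_SERIAL", ""))
    return account

# Constructed request environment, shaped like what mod_ssl would export.
SAMPLE_ENV = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_I_DN": "CN=Example Staff CA,O=Example Org",
    "SSL_CLIENT_S_DN": "CN=Alex Example,O=Example Org",
    "SSL_CLIENT_S_DN_CN": "Alex Example",
    "SSL_CLIENT_S_DN_Email": "alex@example.org",
    "SSL_CLIENT_M_SERIAL": "01A4",
}

if __name__ == "__main__":
    accounts = {}
    print(auto_register(SAMPLE_ENV, accounts)["name"])  # first visit creates the account
    print(len(accounts))
```

Expiry and revocation are left to the server's certificate verification (revocation only if CRL or OCSP checking is configured there), so the application holds no credential of its own that needs cleaning up.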