On 03/03/2015 08:43 AM, Gert Doering wrote:
Hi,
On Tue, Mar 03, 2015 at 07:31:56AM -0800, Michael Thomas wrote:
Considering that provisioning personal certificates is the almost the
polar opposite of zeroconf, the chances
of the normal schlub seeing an informative and/or trustworthy name are
really, really low.
You might want to entertain you reading
draft-behringer-homenet-trust-bootstrap
which gives a good idea how this could work (the general ideas, maybe not
the specific implementation).
Of course the normal end user is not going to ever look at or manually
generate a certificate.
I scanned this over (I think I've scanned Max's base doc too, but it's
been a long time), and
don't think that the problem at hand has much to do with needing a CA of
any sort. Binding
"human" names to cryptographic identities is fraught with trouble -- and
if they're not intended
to be human consumable, they might as well be the fingerprint of a
public key.
The big question i have is whether the non-interactive nature of certs
is being taken advantage
of. For example, if I throw my root current CA in the trash what happens?
I have a lot of other questions, but I'm not sure whether this is right
time to go through them.
Mike
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet