On 03/03/2015 08:43 AM, Gert Doering wrote:
Hi,

On Tue, Mar 03, 2015 at 07:31:56AM -0800, Michael Thomas wrote:
Considering that provisioning personal certificates is the almost the
polar opposite of zeroconf, the chances
of the normal schlub seeing an informative and/or trustworthy name are
really, really low.
You might want to entertain you reading
draft-behringer-homenet-trust-bootstrap

which gives a good idea how this could work (the general ideas, maybe not
the specific implementation).

Of course the normal end user is not going to ever look at or manually
generate a certificate.



I scanned this over (I think I've scanned Max's base doc too, but it's been a long time), and don't think that the problem at hand has much to do with needing a CA of any sort. Binding "human" names to cryptographic identities is fraught with trouble -- and if they're not intended to be human consumable, they might as well be the fingerprint of a public key.

The big question i have is whether the non-interactive nature of certs is being taken advantage
of. For example, if I throw my root current CA in the trash what happens?

I have a lot of other questions, but I'm not sure whether this is right time to go through them.

Mike

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet

Reply via email to