On Fri, Dec 01, 2006 at 01:55:13PM -0800, Stewart Stremler wrote: > Do you use a keystore that is used by all of your programs, or do you > load your keys/certificates into each program? If the former, how do you > control access to which keys for which applications? If the latter, the > mechanism isn't standardized, or even obvious, across all the different > applications.
Maybe I have lower expectations. Just getting Firefox PKI'd would seem to be a big win all by itself.... and if you believe the hype, in the future all our apps will be webified so now Firefox is your OS. I'm not sure Firefox would need to worry about controlling access to public keys from various web sites. So what is the financial concern again? > Soft certificates are often mishandled, and "hard" certificates (e.g., > smart cards) require considerably more infrastructure for large > organizations. > > Hm. Apparently becoming a CA isn't that hard: it seems that something called > SSLeay has all the programs and scripts you need. CA isn't that hard and the smart card readers can't be that expensive. They are just cheap USB gizmos. I'm optimic here as well since my DoD client is done with a cheap card reader and 100% OSS (Fedora Core 6!). PKI'd intarweb still seems doable on the cheap to me. Chris -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
