Hi Nathaniel Another alternative might be to have a utility to convert x509 certs and their associated private keys to the format monotone uses, and then use the former for SSL tunneling. If monotone is using RSA keys, it could be (almost) trivial.
The advantage is that x509 is supported by a lot of libraries and browsers - despite the fact that those libraries might be horrid, they do work and are quite widely inspected for holes already. As an example, we issue X509 certs to every member of a collaboration, and having to manage ssh and monotone (and other) keys is a major administrative pain. E.g. monotone keys are not signed and have to concept of revocation lists etc. Cheers Conrad On Tue, 2005-10-11 at 08:50 -0700, Nathaniel Smith wrote: > On Tue, Oct 11, 2005 at 11:57:02AM +0100, Joel Crisp wrote: > > Is there a reason why this has to be integrated in Monotone rather than > > using tunneling? > > Eh, there are some advantages to integrating it -- ssh tunneling > requires people have logins on the remote box, requires they have ssh > installed, etc. Effective crypto is mostly crypto that users don't > have to think about... > > -- Nathaniel > -- Conrad Steenberg <[EMAIL PROTECTED]> California Institute of Technology
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Monotone-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/monotone-devel
