On Thu, Jan 10, 2013 at 09:59:59AM +0200, Oleksii Shevchuk wrote: > > But for the normal > > use case, where you just want to browse messages from one computer > > and another computer under your control > > In this situation CA shouldn't be used. SSH-like scheme (without third-party) > is > ok for this usecase. Or maybe SASL authentication + TLS/brokenPKI combo > should be used.. Right now I generate a CA certificate, then a client and server certificates, and than use the first one two sign the second and the third. Then I launch the server with the server certificate, and tell it to trust CA, and e.g. install the client certificate in firefox. Then browse messages. Or specify client certificate as an option to each wget or curl invocation.
Can you say how things would work in your scheme? Zbyszek > > this is overkill > > This is the service, which accepts incoming connections, and gives > access to sensitive data, anyway. > > // IMO, surely > // wbr, Alex > _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
