On Fri, Jun 13, 2014 at 04:31:31PM -0400, John Gorkos wrote:
> On 6/13/14, 3:23 PM, Eric H. Christensen wrote:
> > The mechanism that LoTW uses is similar to what can be done for the
> > wiki. LoTW is using a certificate to digitally sign a file that is
> > then transmitted to the LoTW servers. What you can do with ssl_mod
> > (using httpd) is to require client-side certificate authentication.
> > Fedora uses this for their package build server and I've seen it a
> > couple of other places. This isn't something that's easy (although
> > it's not overly difficult, either). You must have some sort of
> > cryptographic system in place to generate and manage certificates
> > (Dogtag?).
>
> That's the beauty of it: the ARRL already DOES the hard part.
> There's no need to install Dogtag (a merciless, bloody task, not
> really made much easier by spending big $$$ to get the RedHat
> Enterprise version). The league has already issued the certificates
> and done the legwork to verify that the people they issue them to are
> real people, and real hams, and that the callsign matches the real
> name, etc. On the web server side, all you have to do is say "I trust
> the ARRL. If they signed a certificate with their private master key,
> then I'll believe the person submitting that certificate is who they
> say they are, because the ARRL did all the hard work."
> The best example is to go to this URL:
> https://authtest.aprs.fi/

Oh I see what you're saying. Yes, this would be a good way of implementing this type of control and not have to deal with the X509 certs.

73,
Eric W4OTN/3

PS: Dogtag is FOSS and you don't have to pay anything to Red Hat. I've not played with it in years but it used to be a horrid system. I'm hoping it has gotten better, though. Perhaps I'll install it on my server and see what it's all about now.

_______________________________________________
Xastir mailing list
http://xastir.org/mailman/listinfo/xastir
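
The arrangement discussed in this thread, sketched as an added example that is not part of the original messages and is not the Xastir project's or the ARRL's own configuration: an Apache httpd mod_ssl virtual host that accepts client certificates only from one externally run CA and requires a verified certificate for the wiki's edit path. The host name, file paths, the `/wiki/edit` location and the chain depth are assumptions.

```apache
# Added example; host name, paths and the /wiki/edit location are assumed.
<VirtualHost *:443>
    ServerName wiki.example.org

    SSLEngine on
    # The server's own TLS identity (unrelated to the client-certificate CA).
    SSLCertificateFile    /etc/pki/tls/certs/wiki.example.org.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wiki.example.org.key

    # Trust decision: only CA certificates placed in this file can vouch
    # for a client. Put the issuing CA's chain here and nothing else; a
    # general-purpose system CA bundle would let any public CA's
    # certificate holders authenticate.
    SSLCACertificateFile /etc/pki/tls/certs/client-issuing-ca-chain.pem

    # Ask for a certificate during the handshake but do not demand one,
    # so anonymous readers still get the read-only pages. A certificate
    # that is presented and fails verification aborts the handshake.
    SSLVerifyClient optional
    # Assumed chain: root -> intermediate -> user certificate.
    SSLVerifyDepth  2

    # Editing requires a certificate that verified against the CA above.
    <Location "/wiki/edit">
        Require expr "%{SSL_CLIENT_VERIFY} == 'SUCCESS'"

        # Export SSL_CLIENT_* variables to the wiki application and set
        # REMOTE_USER to the subject DN. Mapping that DN to a callsign
        # depends on how the issuing CA lays out its certificates and is
        # left to the application.
        SSLOptions  +StdEnvVars
        SSLUserName SSL_CLIENT_S_DN
    </Location>
</VirtualHost>
```

Chain verification alone proves only that the CA issued the certificate; the application should still check the subject against its own list of permitted editors, and certificates the CA has revoked are rejected only if revocation checking is configured separately.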
