nanog mailing list archives

Re: LinkedIn password database compromised


From: Owen DeLong <owen () delong com>
Date: Thu, 7 Jun 2012 13:06:04 -0700


On Jun 7, 2012, at 12:37 PM, Aaron C. de Bruyn wrote:

> On Thu, Jun 7, 2012 at 12:24 PM, Owen DeLong <owen () delong com> wrote:
>>> Heck no to X.509.  We'd run into the same issue we have right now--a
>>> select group of companies charging users to prove their identity.
>>
>> Not if enough of us get behind CACERT.
>
> Yet again, another org (free or not) that is holding my identity hostage.
> Would you give cacert your SSH key and use them to log in to your
> Linux servers?  I'd bet most *nix admins would shout "hell no!"
>
> So why would you make them the gateway for your online identity?
>
> -A

Huh?

They don't hold my identity hostage. They sign my identity. That's it.

I create the certificate and the private key. They never receive the private key.
They merely provide a mechanism by which trusted parties can verify and then
attest that I am, indeed, who I claim to be.

Would I consider using my X.509 certificate as an authentication method for
my Linux servers? Not at this time for the simple reason that the combinations
of expiry and the UI complexities in doing so make it significantly less
convenient than my SSH keys.

However, if it were made to be equally convenient with SSH keys, then, I
don't see a problem with it.

Owen
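
The signing flow described in the message above (key pair and request created locally, only the request handed to the signer), as an added example that is not part of the original post. It assumes the `openssl` command-line tool is installed; the throwaway "Demo CA" stands in for a real CA, and all subject names and file names are constructed.

```bash
#!/usr/bin/env bash
# Added illustration; subject names and file names are constructed for the demo.
set -eu
umask 077                                # keep the private key owner-only
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Subscriber: generate the key pair and the signing request locally.
make_request() {
    openssl genrsa -out "$WORK/user.key" 2048 2>/dev/null
    openssl req -new -key "$WORK/user.key" -subj "/CN=Example User" \
        -out "$WORK/user.csr"
}

# Stand-in for the CA's own key and root certificate (throwaway, self-signed).
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# CA: the only subscriber input is user.csr. The CSR's self-signature proves
# the requester holds the matching private key without disclosing it.
ca_sign() {
    openssl req -in "$WORK/user.csr" -noout -verify >/dev/null 2>&1
    openssl x509 -req -in "$WORK/user.csr" -days 30 -CAcreateserial \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -out "$WORK/user.crt" 2>/dev/null
}

# The file sent to the CA contains no private key material.
csr_is_public_only() { ! grep -q "PRIVATE KEY" "$WORK/user.csr"; }

# The issued certificate carries the public half of the key that stayed local.
cert_matches_local_key() {
    [ "$(openssl x509 -in "$WORK/user.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$WORK/user.key" -pubout)" ]
}

# A relying party needs only the CA certificate to check the attestation.
cert_chains_to_ca() {
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/user.crt" >/dev/null 2>&1
}

make_request; make_demo_ca; ca_sign
csr_is_public_only     && echo "CSR carries no private key"
cert_matches_local_key && echo "certificate binds the locally generated key"
cert_chains_to_ca      && echo "certificate verifies against the CA"
```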


