[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bootstrapping
From: |
Mark . Burgess |
Subject: |
Re: Bootstrapping |
Date: |
Wed, 18 Feb 2004 17:59:36 +0100 (MET) |
> The short answer is that cfengine wasn't designed for such a scenario,
> that the trust relationships won't work.
>
> This problem has been solved already with PKI, it's a matter of whether
> it's warranted to refit cfengine with an additional trust model. I could
> have my own CA, issue certs over HTTPS when clients sign up, or however
> it makes sense to issue them.
I don't think PKI solves anything in a mobile environment.
You are just having to trust someone else to tell you
something that isn't certain. It doesn't help. No this is a
rather deep problem actually.
A fingerprint model is a possibilty but then you have the
issue of how to refer to the owners of those keys in the
admit: ACLs. If you cannot know the IP address, then how do
you do access control? Using random fingerprints would be
very cumbersome to maintain.
M
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Re: Bootstrapping, (continued)
Re: Bootstrapping, Nate Campi, 2004/02/18
- Message not available
- Re: Bootstrapping, Nate Campi, 2004/02/18
- Message not available
- Re: Bootstrapping, Nate Campi, 2004/02/18
- Re: Bootstrapping, Erik Hjelmås, 2004/02/18
- Message not available
- Re: Bootstrapping, Nate Campi, 2004/02/18
- Re: Bootstrapping,
Mark . Burgess <=
- Re: Bootstrapping, Nate Campi, 2004/02/18
Re: Bootstrapping, Eric Sorenson, 2004/02/18
- Re: Bootstrapping, Luke A. Kanies, 2004/02/18
- Re: Bootstrapping, John Sechrest, 2004/02/18
- Re: Bootstrapping, Luke A. Kanies, 2004/02/18
- Re: Bootstrapping, John Sechrest, 2004/02/18
- Re: Bootstrapping, Mark . Burgess, 2004/02/18
- Re: Bootstrapping, John Sechrest, 2004/02/18
- Re: Bootstrapping, Luke A. Kanies, 2004/02/18
- Re: Bootstrapping, Luke A. Kanies, 2004/02/18