True. The problem is that without some kind of management scheme you
might just find yourself having too many little secrets all over the
place. And should you go from job to job or ISP to ISP how would this
work? Is this a client side solution?
Chuck
Madscientist wrote:
-----Original Message-----
From: C. Wegrzyn [mailto:wegrzyn(_at_)garbagedump(_dot_)com]
Seems like a lot of what you get with a cert. This is almost the
approach I took with the design I did. I can tell you it works
and works
well.
Chuck Wegrzyn
Thanks for that. The thing I feel most strongly about concerning this
type of "consent" and/or "identity" mechanism is that certification
mechanism should be open, decentralized, and entirely in the control of
the end users. Unlike certs, which usually require some centralize
authority for a signature, simple shared secrets can be created and
destroyed entirely at the behest of the user groups involved and require
no cost beyond that effort.
(It is possible to have certs signed by some elected member of the
group, or to self sign, or to elect some local authority for the local
COT, however the entire cert discussion tends to add unnecessary
complexity I think.)
_M
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg