der.hans wrote: > What we need is a personal site certificate authority. It's task
> four-hundred and something for me, so if someone else wants to make it
> happen that'd be good :).
Yes, indeed ... I am in 100% agreement with this ... I was unhappy the otherday
when one of my hosting people said they wouldn't install a self signed cert for me.
Lets discuss a good way to go about this. If we can agree on some proper
handling procedures, I will gladly deal with the responsibility. Although,
there may be some longevity issues ... for instance I may become at some point
financially unable to host a CRL or something.
> I beg to differ with the word 'proper' in this connotation. My certificate
> is just as 'proper' as the others.
Well, any clown can MITM with weakly bound PKI using dsniff. For that matter
too, I think something should be done about SSH host keys.
And of course there is the web of trust ... with GPG and whatnot. I will cook
something up about this ... addressing all of these issues. Anyone else feel
free to chime in.
(text/plain)