On Jun 7, 2012, at 12:37 PM, Aaron C. de Bruyn wrote:
On Thu, Jun 7, 2012 at 12:24 PM, Owen DeLong <owen@delong.com> wrote:
Heck no to X.509. We'd run into the same issue we have right now--a select group of companies charging users to prove their identity.
Not if enough of us get behind CACERT.
Yet again, another org (free or not) that is holding my identity hostage. Would you give cacert your SSH key and use them to log in to your Linux servers? I'd bet most *nix admins would shout "hell no!"
So why would you make them the gateway for your online identity?
-A
HuH? They don't hold my identity hostage. They sign my identity. That's it. I create the certificate and the private key. They never receive the private key. They merely provide a mechanism by which trusted parties can verify and then attest that I am, indeed, who I claim to be. Would I consider using my X.509 certificate as an authentication method for my linux servers? Not at this time for the simple reason that the combinations of expiry and the UI complexities in doing so make it significantly less convenient than my SSH keys. However, if it were made to be equally convenient with SSH keys, then, I don't see a problem with it. Owen