[153502] in North American Network Operators' Group


Re: LinkedIn password database compromised

daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Jun 7 16:11:35 2012

From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAEE+rGoxV3kVw5+Qy=zAM2ZzFE3NGCtHjjkUDWOs85Su9uAGgw@mail.gmail.com>
Date: Thu, 7 Jun 2012 13:06:04 -0700
To: "Aaron C. de Bruyn" <aaron@heyaaron.com>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jun 7, 2012, at 12:37 PM, Aaron C. de Bruyn wrote:

> On Thu, Jun 7, 2012 at 12:24 PM, Owen DeLong <owen@delong.com> wrote:
>>> Heck no to X.509.  We'd run into the same issue we have right now--a
>>> select group of companies charging users to prove their identity.
>>
>> Not if enough of us get behind CACERT.
>
> Yet again, another org (free or not) that is holding my identity hostage.
> Would you give cacert your SSH key and use them to log in to your
> Linux servers?  I'd bet most *nix admins would shout "hell no!"
>
> So why would you make them the gateway for your online identity?
>
> -A

HuH?

They don't hold my identity hostage. They sign my identity. That's it.

I create the certificate and the private key. They never receive the private key.
They merely provide a mechanism by which trusted parties can verify and then
attest that I am, indeed, who I claim to be.

Would I consider using my X.509 certificate as an authentication method for
my Linux servers? Not at this time for the simple reason that the combinations
of expiry and the UI complexities in doing so make it significantly less
convenient than my SSH keys.

However, if it were made to be equally convenient with SSH keys, then, I
don't see a problem with it.

Owen
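
The signing flow described in the message above, as an added example that is not part of the original post or any CA's own code: the applicant generates the key locally and sends only a certificate signing request, and the CA checks the request's self-signature and signs the public key. The demo CA, the names "Constructed Demo CA" and "applicant.example", and the functions must, issue, caSign and demo are assumptions made for illustration, using Go's standard crypto/x509 package.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs pub into a certificate; parent == nil self-signs (the constructed demo CA root).
func issue(cn string, pub any, parent *x509.Certificate, signer *ecdsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, parent = true, true, x509.KeyUsageCertSign, t
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, pub, signer))))
}

// caSign is the CA side: the CSR bytes are the only thing it receives from the applicant.
func caSign(csrDER []byte, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	req, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || req.CheckSignature() != nil { // malformed, or not signed by the key it names
		return nil, fmt.Errorf("CSR rejected")
	}
	return issue(req.Subject.CommonName, req.PublicKey, ca, caKey), nil
}

// demo reports: private scalar absent from the CSR; CA-signed cert carries the applicant's public key.
func demo() (bool, bool) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	ca := issue("Constructed Demo CA", &caKey.PublicKey, nil, caKey)
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // applicant's key, generated locally
	csr := must(x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: "applicant.example"}}, key))
	cert := must(caSign(csr, ca, caKey))
	return !bytes.Contains(csr, key.D.Bytes()), cert.CheckSignatureFrom(ca) == nil && key.PublicKey.Equal(cert.PublicKey)
}
func main() { fmt.Println(demo()) }
```

The applicant's private key is used only to self-sign the request; caSign never takes it as input, and the issued certificate binds the subject name to the public key alone.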


