
Re: Digital Signatures



[No References: due to an error I was not
 subscribed to misc@ the last few days]

Carsten Menke:

>Devdas Bhagat wrote:
>> On 08/03/02 01:12 +0000, Thorsten Glaser wrote:
>>
>>>I have a proposal for distributing digitally signed information
>>>about OpenBSD which is fairly light-weight.
>>>
>> Ummm, may I suggest PGP? Free, and pretty easier to secure, plus you can
>> assign multiple levels of trust.
>> You really don't need a central registrar, just a web of trust.
>> Again, simply sign the SSL certificate using a pgp key and we can even
>> trust the self signed certificate.
>>
>> Devdas Bhagat
>>
>Even better than that is gpg
>http://www.gnupg.org/
>
>a fully compatible opensource pgp clone.

I did specifically write about a solution using openssl,
because it is in the base system and uses quite standard
approaches, whereas pgp/gpg/OpenPGP has several levels
of compatibility and is not that trusted (at least for
pgp >2.6.3i); furthermore gpg has a completely different
syntax.
But my main argument here is that openssl _is_ in the
base system and it is not much effort to generate or
check signatures. Neither is importing/exporting
certificates.
As I said, I will put it all on an HTML page if this
gets through.

Thorsten
-- 
Yes, I am root on my box, my friends' boxen and my mailgate.
And yes, I do know how to handle it. Yes, I know about kill-
rules, too. So WTF do you still bother filling my syslog?
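
[Added example, not part of the original message or of the proposal it refers to: generating and checking a detached signature with the openssl command line, including the certificate-to-public-key export step and a tamper check. The file names, the CN, and the choice of RSA-2048 with SHA-256 are assumptions made for this example.]

```sh
#!/bin/sh
# Added example: detached signature with the openssl CLI.
# All file names and the certificate subject are constructed.

# make_signer DIR: create a throwaway key and self-signed certificate.
make_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=example-signer" \
        -keyout "$1/signer.key" -out "$1/signer.crt" 2>/dev/null
}

# sign_file KEY FILE: write a detached signature to FILE.sig.
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"
}

# verify_file CERT FILE: check FILE against FILE.sig using the public
# key exported from CERT. Returns 0 only when the signature is valid.
verify_file() {
    pub=$(mktemp) || return 2
    if openssl x509 -in "$1" -pubkey -noout > "$pub" 2>/dev/null &&
       openssl dgst -sha256 -verify "$pub" -signature "$2.sig" "$2" \
           >/dev/null 2>&1
    then rc=0
    else rc=1
    fi
    rm -f "$pub"
    return $rc
}

# demo: sign a constructed file, verify it, then modify it and verify
# again to show that the changed file is rejected.
demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed announcement text\n' > "$d/notice.txt"
    if make_signer "$d" && sign_file "$d/signer.key" "$d/notice.txt"; then
        verify_file "$d/signer.crt" "$d/notice.txt" &&
            echo "original: signature OK"
        printf 'tampered\n' >> "$d/notice.txt"
        verify_file "$d/signer.crt" "$d/notice.txt" ||
            echo "modified: signature FAILED"
    fi
    rm -rf "$d"
}
demo
```

[The check is only as trustworthy as the certificate it is run against, so the certificate has to reach the verifier over a channel they already trust.]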