
Re: [cks-devl] Re: cks


From: V Alex Brennen
Subject: Re: [cks-devl] Re: cks
Date: Fri, 14 Jun 2002 15:25:45 -0400 (EDT)

On Fri, 14 Jun 2002, M. Drew Streib wrote:

> As always, my personal preference for cks is to get it syncing with pgpnet
> first, with the horowitz email sync protocol. This isn't the best solution,
> but in the practical world, it has to be done if we want to eventually
> move to a new sync method in the free software world.

I'm working on this as a priority item for myself now.  This will
be available soon.  I need to clean up the key merger code and 
fix the regex problem though.  One possible solution to the 
regex problem is to further abstract the db routines and use
berkeleyDB or IBM DB2 as a datastore until the regex code in
postgres is improved.  Another would be to read the UID 
matrix into memory and just walk it.  I just haven't had 
time to work on the code.  I've been working on building a
single signon solution for Florida International University.

Simon, I'll accept your DNS code, but please design it in
a way that allows others to easily turn it off via the
config file if they don't want to run it.  Since it will
be highly experimental, I would plan to ship with it turned
off by default at first.

Things have been quiet lately, but there's actually a lot
of stuff going on with CKS.  Phil, Len, and I talked about
a robotic CA component which I'm working on.  There's also
been talk of x509 translation for web certs and a very cool
system to support this that I'll try and get Raph involved in.

You can figure out what's going on here if you put some
thought into combining robotic signing, keys translated
into web certs, and Raph's attack resistant trust metric
ideas.  If I can get all this stuff working, we'll see a
convergence in this space and a novel community based PKI
model emerge that can hopefully displace Verisign and the
commercial PKI vendors and systems.  In the new model 
trust would be an agreement among weighted nodes in a 
keyserver/signer network which would be capable of
correcting trust-drift much like NTP corrects time.

The LDAP/Kerberos single signon project has just been
kicking my ass though and I haven't had any free time. 
I'll have some time to work on CryptNET soon though,
as I plan to quit my current job RSN.


        - VAB



