Re: [Monotone-devel] Transport encryption

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Transport encryption

From:	Conrad Steenberg
Subject:	Re: [Monotone-devel] Transport encryption
Date:	Tue, 11 Oct 2005 11:26:32 -0700

Hi Nathaniel

Another alternative might be to have a utility to convert x509 certs and
their associated private keys to the format monotone uses, and then use
the former for SSL tunneling. If monotone is using RSA keys, it could be
(almost) trivial.

The advantage is that x509 is supported by a lot of libraries and
browsers - despite the fact that those libraries might be horrid, they
do work and are quite widely inspected for holes already.

As an example, we issue X509 certs to every member of a collaboration,
and having to manage ssh and monotone (and other) keys is a major
administrative pain. E.g. monotone keys are not signed and have to
concept of revocation lists etc.

Cheers

Conrad

On Tue, 2005-10-11 at 08:50 -0700, Nathaniel Smith wrote:
> On Tue, Oct 11, 2005 at 11:57:02AM +0100, Joel Crisp wrote:
> > Is there a reason why this has to be integrated in Monotone rather than 
> > using tunneling?
> 
> Eh, there are some advantages to integrating it -- ssh tunneling
> requires people have logins on the remote box, requires they have ssh
> installed, etc.  Effective crypto is mostly crypto that users don't
> have to think about...
> 
> -- Nathaniel
> 
-- 
Conrad Steenberg <address@hidden>
California Institute of Technology

smime.p7s
Description: S/MIME cryptographic signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Monotone-devel] Re: Transport encryption, (continued)

Prev by Date: Re: [Monotone-devel] Re: Transport encryption
Next by Date: Re: [Monotone-devel] Merging cvssync in small pieces: Pipe abstraction
Previous by thread: Re: [Monotone-devel] Transport encryption
Next by thread: key trust (was Re: [Monotone-devel] Transport encryption)
Index(es):
- Date
- Thread