Date: Wed, 17 May 2000 13:09:32 -0700 (PDT)
From: Kris Kennaway
To: security@freebsd.org
Cc: Robert Watson, Darren Reed, Peter Wemm
Subject: Re: HEADS UP: New host key for freefall!
In-Reply-To: <3922D9A3.9EEC6033@softweyr.com>

On Wed, 17 May 2000, Wes Peters wrote:

> > Now to address Wes's point: I don't believe SSH1 can do certification,
> > although I don't know about SSH2.
>
> Oh, I was referring to certificates for sending S/MIME email.

In theory PKI can do everything [*]: S/MIME email, PGP signatures, signed SSH
hostkeys so you don't have to explicitly verify the new key through
out-of-band trusted channels, SSL certificates for secure web services, etc.
In theory these formats should all be pretty inter-convertible, since they all
contain "enough crypto" (packaged in different ways) to make a decent protocol
happy.

> I'm not sure we'll be doing a large enough volume to warrant paying money
> for CA services. I guess we'd have to work out a plan for what classes
> of persons and/or positions we plan to issue keys/certs to in order to
> answer that question. If we're talking about a CA cert, a cert for each
> of the "hats", and a cert for each committer individually, that means
> right now we'd need to manage about 210 certs, of which 5 or 6 need to
> be transferable.

The point of a PKI is that you can have a *single* trusted root certificate
with all others signed by that one in a hierarchy. In order to root the tree
in something which (e.g.) Netscape browsers will automatically understand,
we'd need to have at least one key signed by a commercial CA (Verisign,
Thawte, ..) which is used as the basis for the FreeBSD PKI, but there's no
inherent need for more than one "purchased" certificate.

> Plus, I really like the idea of a cert with "The FreeBSD Project" as the
> CA. Are we not the most reliable source of information about FreeBSD?

Certified signatures are not about verifying the information content of
data; they're about verifying the integrity of the message and the
authenticity of the signing key.

Kris

[*] See however http://www.counterpane.com/pki-risks.html

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe
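The single-root hierarchy Kris describes, as an added Go example that is not from the list or the FreeBSD project (standard library only): a constructed stand-in for a purchased commercial root signs a project CA, which signs a committer certificate, and verification trusts nothing but that one root, so a self-signed "The FreeBSD Project" CA with no path to it is rejected. All names and keys are constructed on the fly.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mkCert issues a certificate for cn signed by parent; parent == nil makes a self-signed root.
func mkCert(cn string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed; a real CA uses unique random serials
		Subject:      pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA { tmpl.KeyUsage |= x509.KeyUsageCertSign }
	signer, signerKey := parent, parentKey
	if parent == nil { signer, signerKey = tmpl, key } // self-signed root
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signerKey)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert, key
}

// chainVerifies reports whether leaf chains up to the single trusted root via the intermediates.
func chainVerifies(leaf, root *x509.Certificate, inters ...*x509.Certificate) bool {
	roots, ip := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range inters { ip.AddCert(c) }
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: ip, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

// Demo returns (committer cert chains to the purchased root, self-made "project CA" is trusted by that root).
func Demo() (bool, bool) {
	commercial, commercialKey := mkCert("Commercial CA (constructed)", true, nil, nil)
	project, projectKey := mkCert("The FreeBSD Project CA (constructed)", true, commercial, commercialKey)
	committer, _ := mkCert("committer (constructed)", false, project, projectKey)
	orphan, _ := mkCert("The FreeBSD Project CA, self-signed (constructed)", true, nil, nil)
	return chainVerifies(committer, commercial, project), chainVerifies(orphan, commercial)
}
func main() { fmt.Println(Demo()) }
```

Only the root goes into the trust store; the project CA travels as an intermediate alongside the leaf, which is why a single purchased certificate suffices.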