[Freedombox-discuss] FBX Setup with Debconf Web-Frontend: Difficult

Nick Daly nick.m.daly at gmail.com
Fri Jan 13 02:29:41 UTC 2012


Philip Hands <phil at hands.com> writes:

> On Tue, 10 Jan 2012 21:55:18 -0600, Nick Daly <nick.m.daly at gmail.com> wrote:
>
>> Monkeysphere /could/ help automatically organize an HTTPS connection
>> between the server and client (after key exchange), had they completed
>> their listed goals.  That's not the case, though, so it can't be done.
>
> Isn't this all just unnecessary complication -- once a trusted connection with
> your browser to the HTTPS server on the FB, you'll have to accept it's
> key (clicking the pointless overrides) -- at that point the FB could
> issue you with a client cert (or just use passwords for authentication,
> or both -- whatever you fancy).
>
> Once that's done, your browser will notice a change of server key -- we
> may need to recommend that people install a plugin to make sure that they
> get the message that that's a Bad Thing.

You have a very good point.  My concept was unnecessarily complicated,
which /is/ the last thing we want.  It would be nice to use client
certs, to save the password typing, but that's just convenience.

It might still be interesting to give FBXs their own PGP key (mutually
signed by their owners'), to allow FBXs to communicate directly between
themselves over the WOT.  That could produce amazing (and unexpected)
results.

Nick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20120112/82737af0/attachment.pgp>


More information about the Freedombox-discuss mailing list