[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [regrep] Vote on version 2.03 - ACTION ITEM
Message text written by "Munter, Joel D" > My primary argument is, "financial and technological barriers to entry." Certificate acquisition and management are not free and not trivial. From a practical point, I may choose to make some things that I publish, purely public and dsig just simply is not required. I want to be able to choose what I sign. imho Signing entries should be optional. It has been suggested (by others) that the first two might be reconsidered in the V3 timeframe. Joel < >>>>>>>>>> Joel, I agree. And from the implementation aspect - to just cover the issue right now with V2+ - when a user signs up to the registry - their profile could be given a default certificate - so if no external one is provided, that internal one is used. That moves the point of validation from the remote system to the local registry firewall, login and session tracking mechanisms (as is currently the case). I suspect in implementations most end users will have no idea that any certificate processing is going on - unless they explicitly want to override the default behaviour - and that brings us back to your main issue - this HAS to be driven off the business need for this. If you treat the registry as a trusted source - where content can only be modified by qualified staff - based on their verification of content that has been placed in the "pending" queue - the need for certificates is more outbound in anycase - to protect recipients of the information from the registry so they know it came from the trusted source. A breech of security allowing corruption of registry content by an external source is therefore not dependent on certificates, but on the other mechanisms that control access to the registry anyway... is you think I'm Suresh, sending you changes for Suresh's account - you're going to accept 'em, eh? Now who is it that's writing this email I wonder? DW.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC