Манкисфера пытается дать альтернативу самоподписанным корневым сертификатам или покупке валидных сертификатов у «картеля CA». В качестве CA используется OpenPGP WoT. И все было бы прекрасно, если бы не надо было на клиентах устанавливать агента + плагин.
-
- The Monkeysphere Project aims to put authentication on the web back into the hands of web users through the use of the OpenPGP Web of Trust (WoT). Instead of purchasing certifications from the certificate authority cartel, or offering uncertified keys for services, admins can use the Monkeysphere tools to make OpenPGP certificates for their services, publish the certificates to the WoT, and then certify it themselves.
- Users can use the Monkeysphere client tools to validate the service certificates, or present users with useful info about who as certified a service.
- ...
- we describe how an admin can publish OpenPGP certifications for their site services, allowing their users to validate their services through the OpenPGP Web of Trust
- debian-administration.org/.../Publishing_host_services_to_OpenPGP_with_Monkeysphere
-
- Using the monkeysphere for the Web requires two components. The first is the Validation Agent (msva). This is a software daemon (a process waiting in the background for requests on a network port) that uses the OpenPGP web of trust to validate certificates.
- The second is a browser plugin, currently only available for Firefox and Iceweasel (or other Mozilla-based browsers), which passes the appropriate requests to the validation agent as the user browses the web.
- monkeysphere.info/why
-
- А поскольку на клиента надо ставить плагин и агента, технологию можно сразу вычеркивать из разряда «общеупотребимых». А жаль, очень.
-
- kwords: OpenPGP, ssh, ssl, certificate authority
Комментариев нет:
Отправить комментарий