On Tue, Dec 02, 2003 at 03:29:16AM +0000, Luke-Jr wrote:
> > (1) admin is bottleneck
> There's a few hours delay from when key is uploaded to dev to when it's copied
> to cvs anyway... Besides, considering the admin need to create the account in
> the first place, this isn't really an issue. Existing devs can have keys
> uploaded before passwords are disabled.
I do agree that the admin bottleneck isn't as much of a problem as it
could be, as the admin has to create the account in the first place, but
that and adding the key can be separate actions. Eg, admin creates the
account, and asks user to send ssh key. 3rd party intercepts this
request, and answers themselves before the new developer does.

> > (2) verifying the key wasn't messed with in transit
> > your solution really doesn't address either ... in fact the irc thing is a
> > *really bad* idea ...
> > after all, dcc/irc is as easy to manipulate as telnet (well even easier :D)
> Bug freenode to support GPG authentication for registered nicknames? =p
Pipe dream as that would be very non-standard AFAIK.

Let's go back to your suggestion of GPG-signed mail for a moment.
That still doesn't provide much help. I can easily generate a GPG key
with your name and email address on it, and unless you have an
existing key that is on the web-of-trust, I can't prove that the key is
actually yours.

--
Robin Hugh Johnson
E-Mail : robbat2@××××××××××××××.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85