Re: gnome-keyring has SSH, X.509 certificate and key support
On Dec 3, 2007 2:26 PM, Stef Walter <stef memberwebs com> wrote:
> Luis Villa wrote:
> > Comment 1: this is awesome. I'm very psyched to finally see proper ssh
> > support, and in general to see better identity/key management in
> > GNOME. This is hugely important; I think much more so than people seem
> > to realize.
>
> Yes. I hope that with a solid modern PK infrastructure, applications
> will be able to use encryption in a way that doesn't stomp on users' toes.

Absolutely. Very exciting.

> > Comment 2: will I still be required to re-auth post login with this
> > release? or will access to the default keyring now be automatic with
> > login? (You make reference to a 'login keyring', so I'm optimistic
> > this is what you mean, but I wanted to double-check.)
>
> Yes, this is probably the most compelling reason for GNOME having a real
> certificate and key store: The integration with the users login.
>
> gnome-keyring 2.20 included support for unlocking the user's keyrings
> with the user's login password. And the current certificate store builds
> on that functionality.
>
> The 'login' keyring is a keyring that is unlocked by PAM upon successful
> authentication. When a private key needs to be unlocked (for example
> when using it to do an SSH login), the 'login' keyring is checked for a
> relevant password.

Hrm. Will applications need to be modified to store to this keyring
instead of the default keyring?

> > Comment 3: have you talked to the Novell guys working on the Bandit
> > Project aka DigitalMe? I just installed their linux build and firefox
> > plugin[1] and got a really great authentication experience with two
> > sites that use the CardSpace aka InfoCard standard.[2] It seems to
> > already interoperate with the keyring, which is great, but it seems
> > like it would be good if GNOME made sure to reach out to them and make
> > sure that we're providing what they need.
>
> Interesting. I'll drop them a note [1].

> [1] ... once I can manage to figure out how to access their mailing list
> without giving them an insane amount of personal info and '[x] we can
> spam you and yours' in order to create a 'Novell' account.

Ah, Novell. Two steps forward, one step back.

Luis
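The PAM hook Stef describes above (the 'login' keyring being unlocked by PAM on successful authentication, so that private keys can later be unlocked without a second prompt) is configured in the display manager's PAM stack. The following fragment is an added illustration, not part of the original mail or the gnome-keyring project's documentation; the file path and the module name pam_gnome_keyring.so are assumptions for the purpose of the example.

```text
# /etc/pam.d/gdm  (path assumed for illustration)
#
# auth stage: the module captures the password the user just typed so it
# can unlock the 'login' keyring with it.
auth     optional  pam_gnome_keyring.so

# session stage: start the daemon for the session and unlock the 'login'
# keyring with the captured password.
session  optional  pam_gnome_keyring.so auto_start
```

Two practical caveats: the module is marked `optional` so that a failure in it cannot lock the user out of the session, and automatic unlocking only works while the keyring password matches the login password; if the account password is changed outside the normal PAM flow (for example by an administrator), the 'login' keyring will keep the old password and the user will be prompted again until the two are brought back in sync.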
