Re: gnome-keyring GNOME keyring for Ubuntu/Mobile



On 03/22/2013 06:54 PM, Anders Rundgren wrote:
On 2013-03-22 11:11, Stef Walter wrote:
On 03/22/2013 10:13 AM, Anders Rundgren wrote:
IMO mobile devices need something else than GCR; they need a integrated
keystore and enrollment system.  

gcr is just a library with some widgets and some bits for prompting,
parsing certificate files, and so on. Nothing fancy, just a grab bag of
tools.

The competition will have that at least:

http://webpki.org/papers/PKI/certenroll-features.pdf

This is running in a PoC format on Android.

To succeed you also need to bring in Mozilla who also work
with their own Mobile OS (which is lagging wrt user-keys).

I would be interested in working with this but I feel that
everybody is really waiting for Google since they are the
market leader in this space.

Anders, you keep bringing up certificate enrollment on every mailing
list. I applaud your enthusiasm, and that's certainly something that
worthwhile to work on.

But just talking about it non-stop doesn't help it get done. I would be
keenly interested, and a big fan, if you were to work on integrating
this into Linux (desktop or otherwise).

I would support work to integrate this into our stack (gnome-keyring,
seahorse, gcr, ...), if that's how you want to go about it. Or if you'd
rather do something separate, then that's cool too.

I think the problem with this issue is that scope of the project goes
over so many different pieces that there's no chance for an individual
to master it all.  This is probably the reason why Microsoft never
managed creating am enrollment system for consumers.  Can the Linux
community do that?  In theory they could but in practice it seems
unlikely unless some of larger parties pay for the job.

Perhaps you're right.

But on the other hand because it touches so many pieces, unless someone
starts working on this bit by bit, integrating and adapting current
projects, building understanding, and building such an effort in an open
source way, there's *no* chance the linux "community" (man that is a
broad term) is just going to magically accept some big standalone bunch
code which contains a system that while technically adept isn't actually
integrated or used by anything else.

/me catches breath

In case you are really interested we should have a virtual conference
about certificate enrollment and key-stores.

Sure. I'm working on standardized key and certificate storage between
the various crypto libraries [0]. But certificate enrollment is out of
scope for me personally, at least for the foreseeable future. On the
other hand I'm interested in what you're doing.

Cheers,

Stef

[0] http://p11-glue.freedesktop.org/



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]