Difference between revisions of "User talk:Infinity Linden/OGP Trust Phase 0"
Dale Innis (talk | contribs) (Is there a page or something on how OGP uses / may use capabilities somewhere?) |
Dale Innis (talk | contribs) (→Note: dropping the requirement for client side certificates: suggest describing what happens instead) |
||
| (2 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
== Is there a page or something on how OGP uses / may use capabilities somewhere? == | == Is there a page or something on how OGP uses / may use capabilities somewhere? == | ||
I notice the word "capability" or "cap" used casually in discussion and on some of these Wiki pages, but there are lots of different ways to use capabilities, and different people may be making different assumptions. Do we have a definition of capabilities and how we expect to use them in OGP written down somewhere? (Note that I'm not asking for a generic pointer to capability use; I'm asking how we're doing to be using them in OGP.) | I notice the word "capability" or "cap" used casually in discussion and on some of these Wiki pages, but there are lots of different ways to use capabilities, and different people may be making different assumptions. Do we have a definition of capabilities and how we expect to use them in OGP written down somewhere? (Note that I'm not asking for a generic pointer to capability use; I'm asking how we're doing to be using them in OGP.) --Dale | ||
hmm... lemme look and see if we have something written up already... --Infinity | |||
==Note: dropping the requirement for no wildcards in the cert SN== | |||
after discussion, it turns out that while "wild-cards in server certificate Subject Names are considered harmful," they are actually useful to some of our stakeholders. it's probably not the place of the protocol or even LL's interop guidelines to say you can or can't use them, but rather your own conscience should guide you in this regard. in other words.. you shouldn't not use wildcards in SN's cause i tell you not to, you should not use wild-cards in SN's cause it's the right thing to do. --infinity | |||
==Note: dropping the requirement for client side certificates== | |||
after discussion, it turns out that if sensitive resources on the region domain are provided exclusively via region host issued caps, we can assume that possession of the cap implies trust. ergo, we don't need to have agent hosts use client side certs. | |||
I'm finding this rather confusing now; the old method was removed, but it wasn't replaced with anything. (Again I'm suspicious that caps are being used as magic dust here, and would like to see more details.) In particular, if the AD doesn't have a client certificate, how does it prove to the RD that it really *is* AD17, so that the RD will be willing to give it the cap in the first place? -- [[User:Dale Innis|Dale Innis]] 12:27, 24 September 2008 (PDT) | |||
Latest revision as of 12:27, 24 September 2008
Is there a page or something on how OGP uses / may use capabilities somewhere?
I notice the word "capability" or "cap" used casually in discussion and on some of these Wiki pages, but there are lots of different ways to use capabilities, and different people may be making different assumptions. Do we have a definition of capabilities and how we expect to use them in OGP written down somewhere? (Note that I'm not asking for a generic pointer to capability use; I'm asking how we're doing to be using them in OGP.) --Dale
hmm... lemme look and see if we have something written up already... --Infinity
Note: dropping the requirement for no wildcards in the cert SN
after discussion, it turns out that while "wild-cards in server certificate Subject Names are considered harmful," they are actually useful to some of our stakeholders. it's probably not the place of the protocol or even LL's interop guidelines to say you can or can't use them, but rather your own conscience should guide you in this regard. in other words.. you shouldn't not use wildcards in SN's cause i tell you not to, you should not use wild-cards in SN's cause it's the right thing to do. --infinity
Note: dropping the requirement for client side certificates
after discussion, it turns out that if sensitive resources on the region domain are provided exclusively via region host issued caps, we can assume that possession of the cap implies trust. ergo, we don't need to have agent hosts use client side certs.
I'm finding this rather confusing now; the old method was removed, but it wasn't replaced with anything. (Again I'm suspicious that caps are being used as magic dust here, and would like to see more details.) In particular, if the AD doesn't have a client certificate, how does it prove to the RD that it really *is* AD17, so that the RD will be willing to give it the cap in the first place? -- Dale Innis 12:27, 24 September 2008 (PDT)