certificate-based-login

Ideas for ADC may be presented here for others to review and point out flaws or further improve the idea.
Forum rules
If you have an account on the wiki, remember to update the ADC Proposals page for new ideas.

http://dcbase.org/wiki/ADC_Proposals_list
Toast

certificate-based-login

Post by Toast » 25 Nov 2008, 09:20

The talk on can be started here

https://blueprints.launchpad.net/dshub/ ... ased-login

Pietry got this link from arne to help him
From Arne (DCDev) wrote:[08-11-24][20:43:38] <arnetheduck> http://tools.ietf.org/html/draft-ietf-tls-openpgp-keys
Lets see if any ideas can flow from this post

adrian_007
Senior Member
Posts: 126
Joined: 06 Jan 2008, 13:00

Re: certificate-based-login

Post by adrian_007 » 25 Nov 2008, 15:25

imo cool idea. about certs, i see it like that
1. user connect to hub
2. op register user
3. hub send generated cert
4. client receive it and save in with unique name

very abstract view, but it is sth ;p

Toast

Re: certificate-based-login

Post by Toast » 25 Nov 2008, 15:41

yeah i requested your thoughts on launchpad but seems like ppl dont check their blueprints :P

but it is a cool idea still and with a little help it might just work

Cobra
Junior Member
Posts: 16
Joined: 29 Oct 2008, 03:35

Re: certificate-based-login

Post by Cobra » 25 Nov 2008, 19:56

doesn't that kind of defeat the purpose when a non-certified user can connect in the 1st place?
Last edited by Cobra on 25 Nov 2008, 19:57, edited 1 time in total.
FLAC is Boss

Toast

Re: certificate-based-login

Post by Toast » 25 Nov 2008, 19:57

Why would it do that ?

Cobra
Junior Member
Posts: 16
Joined: 29 Oct 2008, 03:35

Re: certificate-based-login

Post by Cobra » 25 Nov 2008, 19:59

wholly on the ball toast. I don't think I even hit submit and you replied.
adrian_007 wrote:imo cool idea. about certs, i see it like that
1. user connect to hub
2. op register user
3. hub send generated cert
4. client receive it and save in with unique name

very abstract view, but it is sth ;p
Maybe I am not understanding the purpose of a certificate based login. Is it not to dis-allow those who don't possess a hub-signed certificate?
FLAC is Boss

adrian_007
Senior Member
Posts: 126
Joined: 06 Jan 2008, 13:00

Re: certificate-based-login

Post by adrian_007 » 25 Nov 2008, 21:07

we check some basic info (ie: cid) if user exists in database, and then check for certs.

Cobra
Junior Member
Posts: 16
Joined: 29 Oct 2008, 03:35

Re: certificate-based-login

Post by Cobra » 26 Nov 2008, 03:31

adrian_007 wrote:we check some basic info (ie: cid) if user exists in database, and then check for certs.
Can an uncertified joiner have restricted access? Say they might be unable to view a userlist or make any kind of transfers until they are certified? A great opportunity to make sure they aren't sharing "co pyri ghted" or non-standard material before certifying.
FLAC is Boss

Pietry
Senior Member
Posts: 328
Joined: 04 Dec 2007, 07:25
Location: Bucharest
Contact:

Re: certificate-based-login

Post by Pietry » 26 Nov 2008, 07:22

Hey, a non registered user doesn't need a signed certificate. A certificate is required only for registered users ( including operators) . This replaces password based login, so normal users will be able to enter as normal users with any certificate. Certificates signed by the hub are only required for users who have certain rights above the regular users , and its purpose is to identify them . In other words, only accounts will have signed certs.
Just someone

Dj_Offset
Member
Posts: 53
Joined: 15 Sep 2008, 21:48
Location: adcs://adcs.uhub.org:1511
Contact:

Re: certificate-based-login

Post by Dj_Offset » 30 Nov 2008, 22:59

While I do not have any problems with the technical aspects of this idea, I really have to question its usefulness, and usability issues.

First of all, what is this trying to accomplish? Give me a couple of use-cases if you like.

Second, consider the total failure of PGP (and S/MIME) with e-mails, why do you think that is? What makes the situation different here?

Locked