Random thoughts/crazy idea: Drop SSL certs

Miroslav Suchý msuchy at redhat.com
Mon Apr 27 15:35:45 UTC 2015


On 04/27/2015 03:45 PM, Pierre-Yves Chibon wrote:
> pros
>   - API token per user and per application
>   - Could support multiple tokens per application
>   - Central place to manage API tokens (i.e. a central place to revoke someone's
>     access if a machine gets compromised/lost)
>   - Simpler than dealing with the SSL stack
>   - Can be re-used by multiple applications
> 
> cons:
>   - It's an idea and it needs work :)
>   - Impacts
>     - dist-git
>     - koji
>     - ?

The fact that SSL certs are used for identifying users always seemed weird to me.
And sometimes it is painful to use them. It is definitely easier to change a token than to change an SSL cert.

+1 to using a normal SSL cert just for crypto and identifying the user with a token (or even Kerberos/GSSAPI).

-- 
Miroslav Suchy, RHCA
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys

