Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
Toshio Kuratomi
a.badger at gmail.com
Wed Oct 12 20:33:04 UTC 2011
On Wed, Oct 12, 2011 at 08:19:27PM +0200, Henrik Nordström wrote:
>
> And why is so much of the Fedora inftrastructure relying on plain text
> password exchanges (within SSL, but still plain text at the Fedora
> servers) when there is both HTTP digest authentication (no plaintext
> seen by Fedora servers) and SSL certificates and SSH keys which all
> three serves a much better identification method?
>
Don't know about hte others but we've actually looked at SSL certificates
several times. Unfortunately, they have the client side tooling around SSL
certificates makes them less attractive than they could be. It seems that
what we need is the equivalent to an ssh-agent for SSL certificates to bring
that end of things up to par.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20111012/da260ff6/attachment.bin
More information about the devel
mailing list