Account Security Question

[Michael Tant]

Upon creating my account on the fedoraproject site, I was asked to submit a
public key and download a client certificate.  First, what is the public key
used for?  I sent a 1024 rsa pubkey made with ssh-keygen.  Does it have to
be rsa or can I change that to a 2048 dsa key?  I commonly use my windows
side to access the internet and my linux side more as a server than a
terminal side, though it has client side available.  Should the dsa public
key be kept on the browser side, or isolated to the linux side?  The Private
Key is kept offline on removable media.

In regards to the certificate, it requests I add this to a particular
location in the system.  Is the certificate used to authenticate my sessions
with fedoraproject or just for the purposes of linux developing?  If it is
used for authentication, can this be used on a windows based system, or
should I login from my linux side?  I'm not a developer as of yet, my
programming skills are hardly up to par yet.  Regardless of the use, events
of yesterday lead me to ask, is this a MD5 hash or SHA1 or SHA2 hash?  I ask
this because of the collision exploit to md5 certificates.  Please let me
know, and if it is a MD5 hash, can I request a SHA clientside certificate?

Being new to Linux, I am thrilled to to have membership in fedoraproject, as
I have found linux nearly superior to windows in many areas.

Thank You,

Michael Tant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/websites/attachments/20090107/d1922f38/attachment.html>