[Freeipa-interest] Interest in certificate management functions in IPA

Joshua Daniel Franklin jdf.lists at gmail.com
Tue Nov 13 06:22:54 UTC 2007


On 11/12/07, Karl Wirth wrote:
> Do you have interest in this functionality?

We have some interest; robust PKI infrastructure
would be amazing, especially if it had a clean API.
However, a word of caution that if you start talking
about anything beyond machine-level certificates
(such as SSL/TLS tied to a DNS name) the world gets
very complicated and as far as I can tell there's no
interopability. Even the SOAP WS-Security
"standard" seems abandoned.

> If so, for certs for what applications and use cases?

The low-hanging fruit would be system daemons
(httpd, dovecot, sendmail, etc./alternatives).

I'm also assuming you know about the Fedora Crypto
Consolidation Project:
http://fedoraproject.org/wiki/FedoraCryptoConsolidation




More information about the Freeipa-interest mailing list