[Freeipa-interest] Interest in certificate management functions in IPA
Karl MacMillan
kmacmill at redhat.com
Tue Nov 13 15:26:05 UTC 2007
On Mon, 2007-11-12 at 22:22 -0800, Joshua Daniel Franklin wrote:
> On 11/12/07, Karl Wirth wrote:
> > Do you have interest in this functionality?
>
> We have some interest; robust PKI infrastructure
> would be amazing, especially if it had a clean API.
> However, a word of caution that if you start talking
> about anything beyond machine-level certificates
> (such as SSL/TLS tied to a DNS name) the world gets
> very complicated and as far as I can tell there's no
> interopability. Even the SOAP WS-Security
> "standard" seems abandoned.
>
We were thinking machine-level certificates initially potentially moving
to user certs for signing and encryption. What other areas would be of
interest.
> > If so, for certs for what applications and use cases?
>
> The low-hanging fruit would be system daemons
> (httpd, dovecot, sendmail, etc./alternatives).
>
Ok - that's what were thinking as well.
> I'm also assuming you know about the Fedora Crypto
> Consolidation Project:
> http://fedoraproject.org/wiki/FedoraCryptoConsolidation
>
Yes - but thanks for the pointer.
Karl
More information about the Freeipa-interest
mailing list