[Swift-devel] SSH support

Mihael Hategan hategan at mcs.anl.gov
Fri Nov 23 20:15:09 CST 2007


On Sat, 2007-11-24 at 02:01 +0000, Ben Clifford wrote:
> 
> On Fri, 23 Nov 2007, Mihael Hategan wrote:
> 
> > On the other hand, user generated key pairs can be very convenient. It
> > would certainly solve the problem of having to generate proxies on a
> > regular basis in a portal, for which it gets an A in
> > usability/convenience.
> 
> though if you're prepared to accept long term unencrypted credentials, 
> making a proxy valid for the full length of its parent credntial is also a 
> reasonable way to proceed.

In a sense. One difference is that you can easily create a key pair to
be used for a specific application and specific sites, entirely separate
from an identity used to gain access to more critical things.

It's harder to get "application certs" from CAs that are accepted by
services on the typical servers we use.

> 




More information about the Swift-devel mailing list