[Authentication] Short introduction
stef-list at memberwebs.com
Wed Jul 15 07:47:53 PDT 2009
Michael Leupold wrote:
> On Wednesday 15 July 2009 05:48:19 Brad Hards wrote:
>> Is X.509 stuff (e.g. client side certificates or keys) out-of-scope here?
>> I'm not asking to make it in (or out) of scope, just looking for a
> It currently is and should be. I believe in taking one step at a time and fear
> that a certificate spec would provide a lot more controversy and thus take
> longer to put together.
> While client applications can use the secret store to encryptedly store
> certificates that's of course not all there is to it.
While that's certainly possible, this secrets API is pretty useless for
storing certificates/keys. The whole point of a certificate/key store is
that crypto operations happen in the store (and the keys don't leave the
But again, you're right, this is out of scope.
More information about the Authentication