Home Explore Help
Register Sign In
fr33domlover
/
Rel4tion-Wiki
mirror of git://seek-together.space/wiki.git
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Branch: master
Branches Tags
Rel4tion-Wiki
/
ssl.mdwn

ssl.mdwn 2.6 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 
  1. SSL allows client software to authenticate web services and establish encrypted
    2. 

  2. connections with them over the network. Each service holds private key which it
    3. 

  3. uses to prove its identity, and a public certiticate client software uses to
    4. 

  4. verify the service.
    5. 

  5. 

  6. Most of the time client software actually trusts Certificate Authorities (CAs),
    7. 

  7. which can sign many different certificates. Then, trusting the CA enables trust
    8. 

  8. of all certificates signed by it. Of course this raises the question "how many
    9. 

  9. people can one person possibly trust", and indeed the number is small (because
    10. 

  10. there's a limit to the number of people we can maintain friendships with...
    11. 

  11. there are just 24 hours a day). CAs are usually large, and don't really trust
    12. 

  12. all their users in the regular social meaning of trust.
    13. 

  13. 

  14. Partager solves the problem by allowing trust to be established through PGP
    15. 

  15. signatures, which is a decentralized mechanism, and provides its own independent
    16. 

  16. CA which doesn't trust or expect to be trusted any of those large
    17. 

  17. corporate-managed CAs which could potentially sign any certificate if paid
    18. 

  18. enough (even if some of them don't, how would you know who's honest and who
    19. 

  19. isn't? This is exactly the problem with large CAs).
    20. 

  20. 

  21. The Monkeysphere support enabling use of PGP signatures __is not complete yet__,
    22. 

  22. but you if you haven't told your computer to trust Partager's CA, you can follow
    23. 

  23. the [[certificate usage guide|projects/systems/servers/security/certificates]].
    24. 

  24. Then, you can e.g. browse this website securely by using an HTTPS prefix in the
    25. 

  25. address instead of HTTP.
    26. 

  26. 

  27. If you would like to have your certificate signed by Partager's CA in order to
    28. 

  28. avoid duplication of effort, that's fine - but note that Partager is a community
    29. 

  29. CA, i.e. trust is based on actual trust between friends. So either we already
    30. 

  30. know each other, or we will need to. Once there is real-life trust, there can
    31. 

  31. also be digital trust. If you ask me, this is how it's supposed to work.
    32. 

  32. 

  33. If you don't know me and cannot, e.g. because you live in the other side of the
    34. 

  34. world, that's fine - I intend my "community CA" approach to be applied to
    35. 

  35. individual homes and small communities. You can easily create your own CA just
    36. 

  36. like Partager has done, by following the
    37. 

  37. [[SSL admin guide|projects/systems/admin-guides/SSL]]. There's even a user guide
    38. 

  38. you can use to understand the client side, and Partager's certificate usage
    39. 

  39. guide mentioned above can be used as a template to create your own - just
    40. 

  40. replace "partager" with the name of your CA :-)
    41. 

  41. 

  42. Some files you may expect:
    43. 

  43. 

  44. - CA certificate: [[rel4tion-ca.crt]]
    45. 

  45. - PGP signature of the certificate: [[rel4tion-ca.crt.sig]]
    46. 

  46. - Revocation lists: <http://cert.rel4tion.org/crl/>
    47. 

  47.