[Zope] new proposal with Verisign CA (was radius authenticati on instead of flatfile or userdb?) flatfile or userdb?)

Christopher Petrilli petrilli@digicool.com
Fri, 10 Sep 1999 10:03:32 -0400


>> Yeah, you may be able to get stronghold, or something, to do the
> client-side
>> certificate auth. Hey, didn't Chris Petrilli work with this stuff?
>
> Yep.  We've now got the expertise, we've just not had the opportunity to
> get into it.  The customer driving our LDAP work will, in the next 3-4
> months, also be driving an x509 requirement.  When we do get to it I
> _strongly_ suspect that we'll defer as much as possible to the web
> server (in their case Netscape ES).

Ach! I've been found out :-)

Yes, I've thought very hard about how to do this correctly, and it's not
"hard", but it is tedious to get right.  I spent too long on the wrong end
of PKI (i.e. the infrastructure side) and have seen the pains of actually
trying to use all this nifty technology.

As soon as we have a customer requirement that drives it, we'll venture down
there, unfortunately that also requires getting some legal opinions as to
whether the piece we're doing is subject to export control.  I don't *think*
so, but, I'm not a lawyer.  In the next few days (this weekend maybe?) I'll
try and pretty up my little writings on how PKI and Zope could work together
if anyone's interested.

Chris
--
| Christopher Petrilli        Python Powered        Digital Creations, Inc.
| petrilli@digicool.com                             http://www.digicool.com