- From: Miguel Cabeça <
>
- To:
- Subject: [chef] Re: Re: New Authentication in Chef 0.8
- Date: Wed, 10 Feb 2010 21:59:25 +0000
Hi,
>
Now that I'm not on my iPhone. What we're doing is creating a digital
>
signature with RSA keys, which signs each request.
That's precisely what presenting a client certificate does in establishing an
SSL connection. Part of the SSL handshaking involves the client signing
something with his private key for the other side to verify with the client
public key (present in the certificate offered to the other side). After the
handshake, the secure channel guarantees that both sides of the communication
are authenticated to each other. The request could be sent without further
signing or any other special requirements.
It seems to me that you've implemented something already offered for free
with the traditional SSL handshake. And the validation key is a substitution
of the CA-siging-the-certificate-to-be-presented-by-the-client stuff.
What am I seeing wrong here?
Best Regards
Miguel Cabeça
>
>
Adam
>
>
On Wed, Feb 10, 2010 at 8:24 AM, Adam Jacob
>
<
>
>
wrote:
>
> Not reinventing, using directly in the signature process. The SSH key
>
> metaphor seems to resonate for most people.
>
>
>
> If you look at the EC2 API auth, this is very similar, but with
>
> public/private keys rather than a shared secret.
>
>
>
> Sent from my iPhone
>
>
>
> On Feb 10, 2010, at 7:30 AM, Miguel Cabeça
>
> <
>
>
> wrote:
>
>
>
>> Hi,
>
>>
>
>> While reading the new Authentication page on Chef wiki [1] it seemed to me
>
>> that it's very similar to authentication with SSL client certificates.
>
>> Are you somehow reinventing the wheel or is there some obvious benefit
>
>> that I'm not aware of?
>
>>
>
>> Best Regards
>
>>
>
>> Miguel Cabeça
>
>>
>
>> [1[ http://wiki.opscode.com/display/chef/Authentication
>
>
>
>
>
>
--
>
Opscode, Inc.
>
Adam Jacob, CTO
>
T: (206) 508-7449 E:
>
Archive powered by MHonArc 2.6.16.