Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 12494 invoked from network); 21 Nov 2010 08:14:51 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 21 Nov 2010 08:14:51 -0000 Received: (qmail 60184 invoked by uid 500); 21 Nov 2010 08:15:21 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 60037 invoked by uid 500); 21 Nov 2010 08:15:21 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 60029 invoked by uid 99); 21 Nov 2010 08:15:21 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 21 Nov 2010 08:15:21 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of margol@beamartyr.net designates 199.203.54.245 as permitted sender) Received: from [199.203.54.245] (HELO mail1.mirimar.net) (199.203.54.245) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 21 Nov 2010 08:15:13 +0000 Received: from [192.168.10.87] (84.94.98.7.cable.012.net.il [84.94.98.7]) (authenticated bits=0) by mail1.mirimar.net (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id oAL8Eowx004979 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO) for ; Sun, 21 Nov 2010 10:14:51 +0200 Message-ID: <4CE8D4F0.207@beamartyr.net> Date: Sun, 21 Nov 2010 10:14:40 +0200 From: Issac Goldstand User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6 MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: Proposed: PKI Authentication for secure web access References: <6C0785FE-C463-4B15-95E3-36C2C66836F2@sharp.fm> <4CE83062.60706@beamartyr.net> <15D9B04B-23C7-4116-8D38-81A18DF72321@apache.org> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.96 at hector.mirimar.net X-Virus-Status: Clean lol. In the meantime, it's still useful for implementation in closed organizations where it's easy to enforce client cert policies (and easy to use a CA model) On 21/11/2010 10:11, Rob Lemaster wrote: > This is good info. Thanks for your responses. So I guess the problem > isn't that the functionality isn't available, but that it's hard to > get end users to adopt it. This makes me sad. When I become Emperor, I > will require all secure web sites to implement this functionality and > the world will be a better place. > > -rob > > > On Sat, Nov 20, 2010 at 8:59 PM, Sander Temme wrote: >> On Nov 20, 2010, at 12:39 PM, Rob Lemaster wrote: >> >>> Thanks for the link Issac. If this is already in Apache, why isn't >>> everyone using it? >> Because key management is just too freaking hard, and too much of a management and support burden. >> >> For God's sake, if we can't even get the Apache developer community to use PGP without handholding, how would you expect the general public to handle this tech? >> >> S. >>