Return-Path: X-Original-To: apmail-river-dev-archive@www.apache.org Delivered-To: apmail-river-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B84DC7F4D for ; Thu, 29 Dec 2011 12:30:37 +0000 (UTC) Received: (qmail 19960 invoked by uid 500); 29 Dec 2011 12:30:37 -0000 Delivered-To: apmail-river-dev-archive@river.apache.org Received: (qmail 19933 invoked by uid 500); 29 Dec 2011 12:30:37 -0000 Mailing-List: contact dev-help@river.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@river.apache.org Delivered-To: mailing list dev@river.apache.org Received: (qmail 19924 invoked by uid 99); 29 Dec 2011 12:30:37 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Dec 2011 12:30:37 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [83.163.196.105] (HELO nyx.xs4all.nl) (83.163.196.105) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Dec 2011 12:30:31 +0000 Received: from saturn.qcg.lan ([192.168.99.10]) by nyx.xs4all.nl with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1RgF7Z-0001bM-JL for dev@river.apache.org; Thu, 29 Dec 2011 13:30:09 +0100 Message-ID: <4EFC5D51.5050302@qcg.nl> Date: Thu, 29 Dec 2011 13:30:09 +0100 From: Simon IJskes - QCG Organization: Quality Consultancy Group b.v. User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111110 Thunderbird/8.0 MIME-Version: 1.0 To: dev@river.apache.org Subject: Re: WOT: trust bootstrapping References: <4EF98422.6090401@qcg.nl> <4EFBBF65.7000305@zeus.net.au> <4EFC3913.4030309@qcg.nl> <1325159198.2424.11.camel@Nokia-N900-51-1> In-Reply-To: <1325159198.2424.11.camel@Nokia-N900-51-1> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org On 29-12-11 12:46, Peter wrote: > By self signing your own certificates, the people at the other end still need a way to id you're cert. > This is the hardest part of cryptography to solve. > There may not always be a user or person on the other end, so there needs to be a programmatic alternative also. Yes, this problem is what i tried to adress, or to avoid, by stating: > One could have the trustmanager offer the unknown certificate for > acceptance to the user, in order to allow authentication via external > channels. Authenticating the self signed certificate by electronic means from within the jini domain is unsolveable imho. Thats why i want to leave it up to the implementor of the application to solve the problem. User interfaces like bluetooth authentication spring to mind. The authentication problem is quite similar to bluetooth. Gr. Sim -- QCG, Software voor het MKB, 071-5890970, http://www.qcg.nl Quality Consultancy Group b.v., Leiderdorp, Kvk Den Haag: 28088397