On Tue, Apr 19, 2005 at 12:48:47PM -0700, K. Richard Pixley wrote:
This isn't really any worse than the user authentication problem, is it?
I mean, you need user authentication in order to accept/decline trust on
a user basis. You need machine authentication in order to
accept/decline trust on a machine basis, no?

It's worse in practice, I believe. It's not that big a deal to say
that for each new developer someone has to do something administrative
to make them trusted. It's a huge deal if every time I want to use a
new laptop for development someone has to do something administrative
to make it trusted.

Interesting. If every new developer in our company is supplied his own
machine, laptop or desktop, then the tasks are pretty much identical,
aren't they? User gets a key pair, machine gets a key pair. Key pairs
are distributed to all the other machines in our trusted network.