[Xastir] Captcha's
Eric H. Christensen
eric at christensenplace.us
Fri Jun 13 17:35:58 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Fri, Jun 13, 2014 at 04:31:31PM -0400, John Gorkos wrote:
> On 6/13/14, 3:23 PM, Eric H. Christensen wrote:
> > The mechanism that LoTW uses is similar to what can be done for the
> > wiki. LoTW is using a certificate to digitally sign a file that is
> > then transmitted to the LoTW servers. What you can do with ssl_mod
> > (using httpd) is to require client-side certificate authentication.
> > Fedora uses this for their package build server and I've seen it a
> > couple of other places. This isn't something that's easy (although
> > it's not overly difficult, either). You must have some sort of
> > cryptographic system in place to generate and manage certificates
> > (Dogtag?).
>
> That's the beauty of it: the ARRL already DOES the hard part.
> There's no need to install Dogtag (a merciless, bloody task, not
> really made much easier by spending big $$$ to get the RedHat
> Enterprise version). The league has already issued the certificates
> and done the legwork to verify that the people they issue them to are
> real people, and real hams, and that the callsign matches the real
> name, etc. On the web server side, all you have to do is say "I trust
> the ARRL. If they signed a certificate with their private master key,
> then I'll believe the person submitting that certificate is who they
> say they are, because the ARRL did all the hard work."
> The best example is to go to this URL:
> https://authtest.aprs.fi/
Oh I see what you're saying. Yes, this would be a good way of implementing this type of control and not have to deal with the X509 certs.
73,
Eric W4OTN/3
PS: Dogtag is FOSS and you don't have to pay anything to Red Hat. I've not played with it in years but it used to be a horrid system. I'm hoping it has gotten better, though. Perhaps I'll installed it on my server and see what it's all about now.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJTm266AAoJEB/kgVGp2CYvM6YL/0A/Oj0EOjM6Wken4IXsQME4
r4EiOvlCNeziVemcgPZWHZTwBuMidx7JLnsrJW6oVpKa0FklrBnCQxZr4My0q94v
898E2JpMsEIt+MSF5l1FuFfr15Ufe31q557XAIAIRT4qEv+zCzfiotwbGZE5+lo0
CQub0SgIvXdTCRd37/PvsCHL2I6leXlRPkmEUlmnouxrQYg2NI46R/7jiGfzthaZ
8nR+8EhnqxH2L9/LIUJBRyAiVJ4QYLlwMHpG9c6X52GSrVcvrm60wLLLUJEqan5M
oNmFQcoeoUtU2gLndOjpl7Yn7fpDmYvUI/al9yiUy/2jmKGDw7DGPeOC9G3um9nX
2CHxT73s7H568iiGjgNK9zM5GRB1XLBm4DPpO8vNaqdUpKz5pOtbD1ybIx2+w5QZ
jxMq2IvE+x464wTKfoRaY9QsOaWR8MHoLJA4zFcEIKgF93KSSEP/WGmpxCYWL9cv
wfhgrhP8ZyuzXPpkSZHhUIxoud5rSj2Um9GKAKYrfg==
=FL0p
-----END PGP SIGNATURE-----
More information about the Xastir
mailing list