by whisk3rs 3926 days ago
I'm excited to see more work being done to empower small engineering teams to take advantage of certificates. Lemur looks great, though many smaller organizations may find tools like "xca" to be adequate. xca is a simple GUI for certificate management: http://xca.sourceforge.net/
2 comments

I don't know xca and I hope that it is a good project. Seeing a sourceforge link after the flak from the last few months makes me somewhat skeptical of the content on the other end though.
I had a bad taste in my mouth too. It's kind of crazy that we as developers have a tarnished view of open source code due to where the repository is hosted. If GitHub/Bitbucket start bundling malware into binaries one day will we tarnish all of the developers/companies open sourcing there too? I don't for a second anticipate it happening, but I'm sure sourceforge was considered great back in its heyday.
> If GitHub/Bitbucket start bundling malware into binaries one day will we tarnish all of the developers/companies open sourcing there too?

Yes. And hopefully that would be an impetus to move were that to happen. Any repo at one location that was at SF the day prior, and I knew they moved, immediately looks better in my eyes, because they are no longer helping support that system.

Indeed. Here's what I get when I try to go to the SF page for xca: https://i.imgur.com/sOnboSV.png
> empower small engineering teams to take advantage of certificates

Dumb question: I'm an engineer who doesn't understand certificates outside of the basics of SSL. What are some cool things a small engineering team could do with Lemur (or certs in general)?

For one example, deploy servers and have them already verified, so a new box that you know you personally set up will not give a warning [1]. One of the most underutilized parts of SSL certificates is that you can verify who /you/ are, so any kind of server, including webservers, doesn't need passwords, because they already have the invite list [2]. This part is admittedly a lot crunchier than the first example because people haven't spent nearly enough time getting it working nicely. Basically, good use of certs can replace a lot of systems where you know what it is and they know what you are.

[1] https://www.digitalocean.com/community/tutorials/how-to-crea...

[2] http://nategood.com/client-side-certificate-authentication-i...

In addition to sanddancer's comment, you can also do things like:
- issue ephemeral certificates (with expiration in the near future) to allow a machine to perform an action but only for a certain amount of time (for example: to fetch credentials from a source to store in memory during machine provisioning).
- use client certificates to authenticate your end-users for secure web apps.
- easily build machine-to-machine trust models that take commercial CAs out of the picture