Bug#579177: ITP: xul-ext-monkeysphere -- Iceweasel/Firefox extension for using Monkeysphere on the web
Package: wnpp
Severity: wishlist Owner: Jameson Rollins <jrollins@finestructure.net> Owner: Jameson Rollins <jrollins@finestructure.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 * Package name : xul-ext-monkeysphere Version : 0.1 Upstream Author : monkeysphere@lists.riseup.net * URL : http://web.monkeysphere.info/ * License : GPLv3 Programming Lang: javascript Description : Iceweasel/Firefox extension for using Monkeysphere on the web Monkeysphere is a system for using the OpenPGP web of trust as a PKI for rsa keys. . This extensions enables Monkeysphere checking of X.509 certificates from https hosts whose keys are in the web of trust. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJL1MXNAAoJEO00zqvie6q8gB8P/iGOhMgFRqIGeONEF6xR/ANv V+Kwq3NMWT5AEApltFV6JKcpKmpTafET8WLOOlS9Ro1bjFAJ4H 8D5Ae1OwlHF4F1 EHHeMeLZ4uheB3HEQZ6h29hDio8/N4wZEDNJmequ23NC+V2SXtDqxY2KJ77kNEsP IWcbbuJQLQRcpihBz9Z58KuylMj1OMFzkesXo6q/lv6bPnIo+0L/IlakSxXP0uTE mGc4H/2NBt+qkOUqRxHLySrsxNSaxwr46UekpDeQfSyNH2jzNE3Wtal9 WrFHPiOa jl86fUqZols0HCDCQTe4EL4NoBLyHyfjFtywjip9LUK6u8rKEP hlFtjX4jwOVOlL Q3cNTyIVDp5Td0WKqFpmLc8QhnVdkMw7wXBswieywfhfdb+9zJ 4KlK2HBa9FiXIb zk4U+3uF5gqZsthPfW6RQBsCHeYOiUjp+R/LSiucOoFXZKVcGJpB9ZXYpaCJHEkF nhBFIvxJ5hlNKOwnt6a95aqcM34fR/tAO2D66dJnK452xiSYzh3rWRTcJywKt4ZL VMyPCaR51UDyuSA6NgcGMw2vxwoKbIesgPzZXHw+5wWw2DeUV1 sGJcPqs6UlEQaT b4zi0ALl3ZgBH6rMtmlFhCZHfxANDdo0vNNiA1X7B5UgB+tL+D NuaMP4/yfNG6MR nmGSen+o53Ljt8ZxHmW7 =d48a -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 20100425224433.14724.16411.reportbug@localhost">ht tp://lists.debian.org/20100425224433.14724.16411.reportbug@localhost |
Bug#579177: ITP: xul-ext-monkeysphere -- Iceweasel/Firefox extension for using Monkeysphere on the web
On Sun, 2010-04-25 at 18:44 -0400, Jameson Graef Rollins wrote:
> * Package name : xul-ext-monkeysphere > Version : 0.1 The package description could mention that this is an early/alpha/experimental release, to avoid deception (and encourage feed-back) > Description : Iceweasel/Firefox extension for using Monkeysphere on the web > > Monkeysphere is a system for using the OpenPGP web of trust > as a PKI for rsa keys. ^^^ Is it appropriate to name those keys "RSA" Wouldn't it be better to state that it's a replacement for X509 certificates? (there is probably an even better wording, but I can't find it). > This extensions enables Monkeysphere checking of X.509 certificates > from https hosts whose keys are in the web of trust. The long description should mention that this package contains an Iceweasel extensions, maybe: "This package contains an Iceweasel/Firefox extensions to use Monkeysphere for checking of X.509 certificates from https hosts whose keys are in the web of trust." My 2 cents, Franklin -- To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 1272836217.5782.2566.camel@solid.paris.klabs.be">h ttp://lists.debian.org/1272836217.5782.2566.camel@solid.paris.klabs.be |
Bug#579177: ITP: xul-ext-monkeysphere -- Iceweasel/Firefox extension for using Monkeysphere on the web
Hi, Frank. Thanks so much for the feedback. Responses below.
On Sun, 02 May 2010 23:36:57 +0200, Frank Lin PIAT <fpiat@klabs.be> wrote: > On Sun, 2010-04-25 at 18:44 -0400, Jameson Graef Rollins wrote: > > * Package name : xul-ext-monkeysphere > > Version : 0.1 > > The package description could mention that this is an > early/alpha/experimental release, to avoid deception (and encourage > feed-back) This extension definitely is in the early stages of development, but it is working for most cases now, and the developers are using it routinely. I'm also not sure how we would indicate that it's "alpha" or "experimental" in the Package: or Version: fields of the control file, which I think is what you're implying. Do you have a suggestion for that? > Wouldn't it be better to state that it's a replacement for X509 > certificates? (there is probably an even better wording, but I can't > find it). Monkeysphere is not actually a replacement for X.509, at least not in the sense of using Monkeysphere *or* X.509. The goal of Monkeysphere, broadly, is to expand the usage of OpenPGP for authentication on the net. In the context of the web, the Monkeysphere xul extension can be used to validate sites that have put their host keys on the OpenPGP Web of Trust (WOT). However, the extension actually currently relies upon sites providing an X.509 certificate through normal TLS channels. We provide a fallback validation check using the WOT when the standard X.509 validation fails. Our goal is not to disrupt standard X.509 validation if the user wishes to continue to rely upon it, but to instead provide an alternative to standard X.509 validation that uses OpenPGP and the WOT. I agree, though, that it is relevant to mention X.509 in the package description, at least in the sense of providing an alternative, but I feel like we're currently doing that with this bit: > > This extensions enables Monkeysphere checking of X.509 certificates > > from https hosts whose keys are in the web of trust. Does this not seem clear enough? Or is there something else that we're missing in the description to make things clearer? > The long description should mention that this package contains an > Iceweasel extensions, maybe: > "This package contains an Iceweasel/Firefox extensions to use > Monkeysphere for checking of X.509 certificates from https hosts > whose keys are in the web of trust." Good point. We'll fix that. > My 2 cents, Always appreciated! jamie. |
Bug#579177: ITP: xul-ext-monkeysphere -- Iceweasel/Firefox extension for using Monkeysphere on the web
On Mon, 2010-05-03 at 12:13 -0400, Jameson Rollins wrote:
> Hi, Frank. Thanks so much for the feedback. Responses below. > > On Sun, 02 May 2010 23:36:57 +0200, Frank Lin PIAT <fpiat@klabs.be> wrote: > > On Sun, 2010-04-25 at 18:44 -0400, Jameson Graef Rollins wrote: > > > * Package name : xul-ext-monkeysphere > > > Version : 0.1 > > > > The package description could mention that this is an > > early/alpha/experimental release, to avoid deception (and encourage > > feed-back) > > This extension definitely is in the early stages of development, but it > is working for most cases now, and the developers are using it > routinely. I'm also not sure how we would indicate that it's "alpha" or > "experimental" in the Package: or Version: fields of the control file, > which I think is what you're implying. Do you have a suggestion for > that? I have gathered some existing "excuses", but none seems to fit your need. http://wiki.debian.org/PackagesDescriptions/Fragments Based on what you told, upstream might want to number it 0.9 ;) Still, let me give a try: "Although the program is still in development stage, It already have some useful features, and it is quite stable" Feel free to adjust or rewrite it. > > Wouldn't it be better to state that it's a replacement for X509 > > certificates? (there is probably an even better wording, but I can't > > find it). > > Monkeysphere is not actually a replacement for X.509, at least not in > the sense of using Monkeysphere *or* X.509. The goal of Monkeysphere, > broadly, is to expand the usage of OpenPGP for authentication on the > net. In the context of the web, the Monkeysphere xul extension can be > used to validate sites that have put their host keys on the OpenPGP Web > of Trust (WOT). However, the extension actually currently relies upon > sites providing an X.509 certificate through normal TLS channels. We > provide a fallback validation check using the WOT when the standard > X.509 validation fails. Our goal is not to disrupt standard X.509 > validation if the user wishes to continue to rely upon it, but to > instead provide an alternative to standard X.509 validation that uses > OpenPGP and the WOT. ok we "just" have to figure out how to write that in 4 or 5 lines ;) "Monkeysphere uses OpenPGP's « Web of Trust » to validate X509 certificates that aren't signed by a known certificate authorities (CA)." We could also something like this: "In regular public key infrastructure (PKI), X509 certificates are signed by a third party organisations, that are considered to be trusted by both the webserver-admin and the web-browser vendor." > I agree, though, that it is relevant to mention X.509 in the package > description, at least in the sense of providing an alternative, but I > feel like we're currently doing that with this bit: > > > > This extensions enables Monkeysphere checking of X.509 certificates > > > from https hosts whose keys are in the web of trust. > > Does this not seem clear enough? Or is there something else that we're > missing in the description to make things clearer? > > > The long description should mention that this package contains an > > Iceweasel extensions, maybe: > > "This package contains an Iceweasel/Firefox extensions to use > > Monkeysphere for checking of X.509 certificates from https hosts > > whose keys are in the web of trust." > > Good point. We'll fix that. Again, just my 2 cents ;) Franklin -- To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 1272924329.3999.930.camel@solid.paris.klabs.be">ht tp://lists.debian.org/1272924329.3999.930.camel@solid.paris.klabs.be |
| All times are GMT. The time now is 11:07 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.