1. 26 Sep, 2018 2 commits
    • all: Make caucased https certificate independent from CAS. · 17325dc0
      Vincent Pelletier authored
      This is a step in the direction of being browser-friendly: if caucased
      https certificate is issued by CAS CA, then for a browser to trust that
      certificate it would have to trust all certificates emitted by CAS CA
      certificate. This would be very dangerous, as CAS CA does not constrain
      the certificates it may sign, so it exposes users of that caucased to
      rogue certificates.

      Alone, this step is insufficient, as the new internal "http_cas" does not
      constrain certificates yet. This will happen in a separate commit, to
      ease review and regression testing.

      As a consequence of this step, by default client will not check server
      certificate in https. This is consistent with how trust is bootstrapped
      with plain http: maybe client is accessing an unexpected/malicious
      caucased, but in such case issued certificates will be worthless to a
      party which could access the correct caucased. Also, the client
      certificate presented to caucased does not allow that caucased to fake
      being that user, so there is no privilege escalation possible for
      server.
    • doc: Add crude overview schema. · bcaebfe7
      Vincent Pelletier authored
  2. 21 Sep, 2018 10 commits
  3. 20 Sep, 2018 5 commits
  4. 12 Sep, 2018 1 commit
  5. 22 Jul, 2018 6 commits
  6. 21 Jul, 2018 1 commit
  7. 20 Jul, 2018 3 commits
  8. 15 Jul, 2018 4 commits
  9. 14 Jul, 2018 8 commits