Today I realized that the usefulness of the VeriMapsApproved setting (which allows any VeriMaps-authenticated user to connect) for the AbiathRPC server is undermined by the public availability of the Anonymous key. Server operators might enable that option think it will allow in known members of the community - since only I can issue new certificates - but it actually allows anyone who bothers to download the Anonymous key. Therefore, I made that account an exception to the approval granted by that server option.
If server operators want to allow the Anonymous certificate to be used for authentication, they can still add it as a normal account without a password.
No comments:
Post a Comment