Date: Mon, 12 Dec 2005 07:16:34 -0500
From: Russ Cox
To: Lucio De Re, Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] Another stupid problem

> Maybe I'll understand all these things eventually. In the meantime,
> in the attached picture, why does factotum report no key?

The rsa protocol loops through the keys available, presenting them to the program talking to factotum. When the program finds a key it wants to use, it continues. Otherwise factotum runs out of keys and it gives up. That's what happened here. You have some rsa keys in your factotum, but not the one corresponding to the X.509 certificate you have told imapd to use.

> And why does IMAPD request a "client" key? Is it the "public" key for
> the incoming request that is being requested here?

In the "rsa" protocol implementation, like most of the protocols, it is the client side that holds the secret. TLS is odd in that the server is authenticating to the client but the client rarely authenticates to the server. So the TLS server uses the rsa client protocol and vice versa.

Russ
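
A simplified model of the key selection described in the message above, added here as an example; it is not code from factotum or from the original message. The class and function names are hypothetical, the RSA keys are tiny constructed values, and the private-key step is an assumption of the model.

```python
# Simplified model of the key selection described in the message above.
# Not factotum's code: every name here is hypothetical, and the RSA keys
# are tiny constructed values used only for illustration.

class NoKey(Exception):
    """The agent ran out of keys without the program accepting one."""

class ToyAgent:
    """Stands in for factotum: holds private keys, shows only public moduli."""

    def __init__(self, keys):
        self._keys = keys          # list of dicts with n, e, d
        self._chosen = None

    def offer_keys(self):
        # Present each rsa key in turn, identified by its public modulus.
        for key in self._keys:
            yield key["n"]

    def choose(self, n):
        self._chosen = next(k for k in self._keys if k["n"] == n)

    def private_op(self, c):
        # Assumption of this model: d is used here and never handed out.
        return pow(c, self._chosen["d"], self._chosen["n"])

def open_key_for_cert(agent, cert_modulus):
    """Program side: accept the offered key that matches the certificate."""
    for n in agent.offer_keys():
        if n == cert_modulus:
            agent.choose(n)
            return n
    raise NoKey("no key matches the certificate's public key")

# Constructed keyring: two toy RSA keys (n = p*q with small primes).
KEYRING = [
    {"n": 143, "e": 7, "d": 103},      # 11 * 13
    {"n": 3233, "e": 17, "d": 2753},   # 61 * 53
]

if __name__ == "__main__":
    agent = ToyAgent(KEYRING)
    print("matched key:", open_key_for_cert(agent, 3233))
    print("recovered:", agent.private_op(pow(65, 17, 3233)))
    try:
        open_key_for_cert(ToyAgent(KEYRING), 3127)  # cert with no matching key
    except NoKey as err:
        print("failure mode:", err)
```

The last call models the situation in the message: the keyring holds rsa keys, but none has the modulus of the certificate the server was told to use, so the walk ends with no key.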