Hanno Böck wrote:
> On Mon, 29 Feb 2016 10:18:01 +0100
> Jürgen Brauckmann <[email protected]> wrote:
>
>> Using private PKIs for such stuff isn't risk-free, as software
>> vendors are confused about the security properties of their root
>> store.
>
> Actually I also thought while reading this thread that I disagree that
> a private PKI is always a good idea.
> I generally recommend the opposite. Running a private PKI requires
> quite a bit of knowledge about certificates and the deployment of roots
> and can introduce severe risks if you don't take care of your private
> keys.

The very same is true in case you're using a public PKI (except you don't have to deal with the CA's private key).

Ciao, Michael.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

