On 27 Feb 2002 [EMAIL PROTECTED] wrote: > + *) Introduce PassPhraseDialog "|/path/to/pipe" mechanism to mod_ssl. > + This pipe must be a bidirectional 'console' style relay, which > + mod_perl prints all prompts to the pipe's stdin, and reads the > + passphrases from the pipe's stdout. [William Rowe]
I don't have a problem with this change in and of itself, but we need to be careful to emphasize to our users how little good a passphrase will do you. It does even less good when the input is piped in from a program that is unsuitably protected. We have countless debates about this on the mod_ssl users list--some people think passphrases are good, many of us think they just lead to a false sense of security. All I'm suggesting here is that we should document all the pros and cons somewhere better than what we have now. --Cliff -------------------------------------------------------------- Cliff Woolley [EMAIL PROTECTED] Charlottesville, VA
