John Ziniti wrote:
Iain Buchanan wrote:
On Mon, 2005-06-20 at 16:54 -0700, David Busby wrote:

The hacker still would not be able to present a valid certificate,
though, right?  This depends on what the OP meant when he said "If the
client is not signed I generate and securely transmit a cert to the
client and then open the network to their IP."  Do you mean that you
do this in an automated way (blech), or is it done manually in some
offline manner (better)?

Yes, if the client isn't signed by my one and only one trusted CA (which is me) I will give them the cert in a manual/offline way, even if it is inconvenient.


2. Break into a box you trust which may not be so locked down as yours
is...

This is the biggest hole that I see.

Yea, I thought so too.


JZ

Excellent feedback, thank you.

/djb