I agree with Adrian on this.

      Even though you could set a pass phrase on the key, you end up with a
      nightmare of a password management headache unless you make the phrase the
      same, and then you're back to square one.

      There is just no substitute for good security in the first place. Once
      someone is onto your box they can steal all your keys and/or just read
      them all out of memory, apparently easy to do if you're root.

      So IMHO, a single key is no less secure and a lot easier to manage!

      HTH,

      Simon Wilcox.






Please respond to [EMAIL PROTECTED]

From:    Adrian Stovall <[EMAIL PROTECTED]>
Date:    8 September 2000
Time:    15:25
To:      "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Copy to: (bcc: Simon Wilcox/BASE/WilliamsLea)
Subject: RE: server.key





I will agree that this is true, however... the odds of someone getting (by
hacking your system?) _one_ key are probably about the same as them getting
all of your keys, if they've gotten that far into your machine.  Once basic
security is overrun, everything else is out the window.

> -----Original Message-----
> From: Giuliano Cocchi [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 08, 2000 2:21 AM
> To: [EMAIL PROTECTED]
> Subject: RE: server.key
>
>
> Yes it's true.
> Create a server key for each domain hosted.
>
>
> >
> > I disagree...
> >
> >
> > Technically it will work, but if someone gets that _one_ key, they can
> > impersonate ALL of your secure sites.  I don't think that is a very good
> > idea.  It is not that hard to create a key for each certificate you
> > request, and it is MUCH more secure.
> >
> >
> >
> >
> > Rick Widmer
> > Internet Marketing Specialists
> > http://www.developersdesk.com
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      [EMAIL PROTECTED]
> > Automated List Manager                            [EMAIL PROTECTED]











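
The per-domain key approach discussed in this thread, as an added example that is not part of any of the original messages: it creates one private key and CSR per hosted domain with the openssl CLI, then audits a directory for key files that share the same key pair. The function names, the 2048-bit RSA choice, the directory layout and the domain names are assumptions made for illustration, and the keys are assumed to be stored without a pass phrase.

```shell
#!/bin/sh
# Added example: one key + CSR per hosted domain, plus a key-reuse audit.
# Function names, key size and file layout are illustrative assumptions.

# gen_site_key DIR DOMAIN
# Creates DIR/DOMAIN.key (readable by the owner only) and DIR/DOMAIN.csr.
gen_site_key() {
    dir=$1; domain=$2
    ( umask 077
      openssl genrsa -out "$dir/$domain.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/$domain.key" -subj "/CN=$domain" \
        -out "$dir/$domain.csr" 2>/dev/null
}

# pubkey_fp KEYFILE
# Prints the SHA-256 of the DER-encoded public half. Every copy of the
# same key pair yields the same value, whatever the file is called.
pubkey_fp() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# reused_keys DIR
# Prints each fingerprint found in more than one DIR/*.key file.
# Empty output means every site has its own key.
reused_keys() {
    for k in "$1"/*.key; do
        [ -f "$k" ] || continue
        pubkey_fp "$k"
    done | sort | uniq -d
}
```

Per-domain keys limit what a single leaked key file exposes (an old backup, a copy sent to a third party); as the replies above point out, they do not help once an attacker has root on the host that holds all of them.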