On Mon, Feb 28, 2005 at 09:38:30AM -0500, Alamood, Bahaaldin wrote: > Date: Mon, 28 Feb 2005 09:38:30 -0500 > From: "Alamood, Bahaaldin" <[EMAIL PROTECTED]> > To: [email protected] > Reply-To: [email protected] > Subject: RE: [OpenCA-Devel] scp dataexchange > > Here is the way we use the scp method for data exchange > > 1. On the CA machine which it has NO connection to the internet at all I > set up a firewall rule to reject any connection to the CA regardless of > it source. The network interface only brought up when there is a need [snip]
That's how high security CA should work and I'd operate in the same. My point was that we should warn user about not exposing ssh private key. I think ther're a lot of users who setups openca for testing purpose. And if they use scp dataexchange in the same way as guide purpose, they may open a security hole. Best wishes -- Alexei Chetroi Smile... Tomorrow will be worse. (c) Murphy's Law ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ OpenCA-Devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-devel
