On 2011-11-14 03:51 +0100 (Mon), jb-open...@wisemo.com wrote:

> Running outside TLS context will also allow you to manage
> key selection independently of socket level connection setup [etc. etc.]

Yes, I've actually considered rolling my own cryptosystem for this
stuff. For example, in some situations it would be faster for me to
RSA-sign a single message than symmetrically encrypt the same (or a
similar) message thousands of times to send it to thousands of
destinations. But that's not a step to be taken lightly.

> ...with certificate and client certificate checking against your own
> private CA only (so a Comodo incident will not affect it).

Yes, my PKI is entirely private, with no connection to any other PKI.
The certificates aren't even compatible.

cjs
--
Curt Sampson <c...@cynic.net> +81 90 7737 2974
http://www.starling-software.com/

I have always wished for my computer to be as easy to use as my
telephone; my wish has come true because I can no longer figure out
how to use my telephone. --Bjarne Stroustrup