Ben Laurie <[EMAIL PROTECTED]> writes:
> Ian G wrote:
>> Ben Laurie wrote:
>> ...
Hopefully over the next year, the webserver (Apache)
will be capable of doing the TLS extension for sharing
certs so then it will be reasonable to upgrade.
>>>
>>>
>>> In fact, I'm told (I'll dig up th
Ben Laurie wrote:
> If they share an IP address (which they must, otherwise there's no
> problem), then they must share a webserver, which means they can share a
> cert, surely?
this is a semantic nit ... certs are typically distributed openly and
freely ... so potentially everybody in the world h
Ian G wrote:
> Ben Laurie wrote:
> ...
>>> Hopefully over the next year, the webserver (Apache)
>>> will be capable of doing the TLS extension for sharing
>>> certs so then it will be reasonable to upgrade.
>>
>>
>> In fact, I'm told (I'll dig up the reference) that there's an X509v3
>> extension t
Ben Laurie wrote:
...
Hopefully over the next year, the webserver (Apache)
will be capable of doing the TLS extension for sharing
certs so then it will be reasonable to upgrade.
In fact, I'm told (I'll dig up the reference) that there's an X509v3
extension that allows you to specify alternate
Ian G wrote:
>
>> BTW, illustrating points made here, the cert is for
>> financialcryptography.com
>> but your link was to www.financialcryptography.com. So of course Firefox
>> generated a warning
>
> Indeed and even if that gets fixed we still have
> to contend with:
>
> * the blog
Chris Palmer writes:
-+--
|
| [EMAIL PROTECTED] writes:
| > You know, as a security person, I say all the time that the greatest
| > threat is internal threat, not external threat. In my day job, I/we
| > make surveillance tools to prevent data threat from materializing, and
Jack Lloyd <[EMAIL PROTECTED]> writes:
>Does anyone know of any 'standard' [*] ways of encrypting private keys in the
>usual PKCS #8 format without using password-based encryption? It is obviously
>not hard to do, as you can stick whatever you like into the
>encryptionAlgorithm field, so it would