I'll probably reveal my ignorance of SSL here, but it is worrisome to me
that we distribute a PEM file that contains a default server key and
certificate.  This seems like an exceedingly bad idea.

We also distribute a private key to be used for sftp.  (Shouldn't there
be a corresponding public key?)  This seems like a very bad idea too.

The good news is that neither of these is enabled by default; however,
there are commented examples in the configuration file with comments
blithely telling people to uncomment them to get HTTPS or SFTP support,
using public "private" keys.

Am I missing something?

BTW, are there tests of the HTTPS and SFTP support?

Jim

--
Jim Fulton           mailto:[EMAIL PROTECTED]       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org
_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org