Re: Managing SSL certificates

To: debian-devel@lists.debian.org
Subject: Re: Managing SSL certificates
From: Peter Palfrader <weasel@debian.org>
Date: Sat, 15 Oct 2005 23:57:33 +0200
Message-id: <[🔎] 20051015215733.GB1963@asteria.noreply.org>
Mail-followup-to: Peter Palfrader <weasel@debian.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20051015214310.GA18588@tennyson.dodds.net>
References: <[🔎] 1129378250.6350.33.camel@esme.liw.iki.fi> <[🔎] 20051015133540.GZ29447@asteria.noreply.org> <[🔎] 20051015214310.GA18588@tennyson.dodds.net>

On Sat, 15 Oct 2005, Steve Langasek wrote:

> On Sat, Oct 15, 2005 at 03:35:40PM +0200, Peter Palfrader wrote:
> 
> > There aren't that many good reasons for having one cert per service
> > anyway,
> 
> Preserving isolated security contexts for each service without having to
> make the private key readable to all local users?

/etc/ssl/private is 700, and I keep my keys there on most computers.  I
can't remember having seen any problem with this with the services I've
run so far.  This suggests that they all read the stuff while they are
still being able to do that (and only setuid() later, if at all).

-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/

Reply to:

References:
- Managing SSL certificates
  - From: Lars Wirzenius <liw@iki.fi>
- Re: Managing SSL certificates
  - From: Peter Palfrader <weasel@debian.org>
- Re: Managing SSL certificates
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: Managing SSL certificates
Next by Date: Re: Effort to change IETF's copying conditions for RFCs
Previous by thread: Re: Managing SSL certificates
Next by thread: Re: Managing SSL certificates
Index(es):
- Date
- Thread