
Re: server certificates/key pairs and CA directories



Daniel Pocock writes:

 > Looking through various Debian boxes, I can't help noticing a range of
 > directories under /etc/ssl, e.g.

I have no idea if this has been discussed before, but when it comes to
private key storage, there is a program named tpmtool (part of GnuTLS)
that allows storing private keys in a place out-of-the-filesystem. I
have not tried using it myself so I don't know if there is a useful API
available or anything - just the idea seems good to me -> so maybe
advocating usage of that method might be the Correct Way? Also, a
fallback option should be in place for HW where a TPM chip is not
present.

--
Antti Järvinen

