Re: SSL for debian.org/security?

To: Andreas Kuckartz <a.kuckartz@ping.de>
Cc: Hans-Christoph Steiner <hans@at.or.at>, debian-security@lists.debian.org
Subject: Re: SSL for debian.org/security?
From: Pedro Worcel <pedro@worcel.com>
Date: Tue, 12 Nov 2013 22:34:29 +1300
Message-id: <[🔎] CAPS+U984skUez8i1uP0v6ubKMnk4K4Ny8f4d2mwm+5gRRD-Gfw@mail.gmail.com>
In-reply-to: <[🔎] 5281C93A.8040503@ping.de>
References: <CAAy1gkeUt_jr0uDt0B=HdnAZnmmHDqygrwgYg4dU7X9zjVUrSA@mail.gmail.com> <526F7FDF.7030601@tightwax.com> <CAM5XQnxCxogD4JMaqyS27zzsorFZ-G8Dsa_71sABGFQHChmrag@mail.gmail.com> <526F855D.1080507@gmail.com> <[🔎] CAF8px56hAkiE8_GiV=jr0AWiNdfhUF-x7-7oeCwe5VGGT1M_cA@mail.gmail.com> <[🔎] CAKS89GrBGt0Uyq0bSn6GnO-QQ5xz8f3kVDGGvc8QDUJbWOdvvg@mail.gmail.com> <[🔎] 52818C3A.6050000@at.or.at> <[🔎] 5281C93A.8040503@ping.de>

Also, what is to prevent someone interfering with the creation of the certificate that will be embedded in the device (or poor pseudo-random while generating it, etc.), and what would be the cost of replacing the certificate inside the device once/if compromised?

2013/11/12 Andreas Kuckartz <a.kuckartz@ping.de>

Hans-Christoph Steiner:

> The crypto smartcard (aka Hardware Security Module) are some work to setup,
> but not really all that much. And they are easy to use once setup. And they
> provide a huge boost in the security of the certificate.

Such hardware also costs a significant amount of money. Are there better
ways to spend money to improve the security ?

Cheers,
Andreas

--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: [🔎] 5281C93A.8040503@ping.de" target="_blank">http://lists.debian.org/[🔎] 5281C93A.8040503@ping.de

GPG: http://is.gd/droope

Reply to:

Follow-Ups:
- Re: SSL for debian.org/security?
  - From: Hans-Christoph Steiner <hans@at.or.at>

References:
- Re: SSL for debian.org/security?
  - From: Mike Mestnik <cheako@mikemestnik.net>
- Re: SSL for debian.org/security?
  - From: Jérémie Marguerie <jeremie@marguerie.org>
- Re: SSL for debian.org/security?
  - From: Hans-Christoph Steiner <hans@at.or.at>
- Re: SSL for debian.org/security?
  - From: "Andreas Kuckartz" <a.kuckartz@ping.de>

Prev by Date: Re: SSL for debian.org/security?
Next by Date: Re: SSL for debian.org/security?
Previous by thread: Re: SSL for debian.org/security?
Next by thread: Re: SSL for debian.org/security?
Index(es):
- Date
- Thread