[Ach] StartSSL for Business Sysadmins
Andreas Mirbach
a.mirbach at me.com
Sun Jan 12 18:24:08 CET 2014
Hi Aaron,
in my opinion a security guide that discuss just a view cipher oders has no value at all. The document title is applied crypto hardening and it is aimed to be a copy and paste reference for sysadmins. In an "applied" real world scenario there are CAs involved in the crypto chain. It is essential to understand crypto security as a process of many things come and work together. It's not just some console commands and the use of commonly thusted ciphers.
I agree with you that this i maybe a topic for a second document.
Sent from my iPad
> On 12.01.2014, at 17:38, "L. Aaron Kaplan" <kaplan at cert.at> wrote:
>
>
> Hi,
>
>
>> On Jan 12, 2014, at 5:35 PM, Aaron Zauner <azet at azet.org> wrote:
>>
>> Hi,
>>
>> regarding recent discussion of Certificate Authorities and where/how to
>> buy stuff: in my opinion that is not something we should discuss here,
>> neither in the paper nor on the mailing list. This information is easily
>> available on the internet. We also do not need a guide for that as ahmad
>> suggested. I'm sorry, but that's not only out of scope but marketing for
>> commercial vendors that make their money by providing a false sense of
>> trust. And they are in fact doing it very poorly, often involving
>> security risk for customers or sub-CAs.
>
> To add to this:
>
> The disclaimer section says:
>
> "This guide does not talk much about the well-known insecurities of trusting a public-key infrastructure (PKI). Nor does this text fully explain how to run your own Certificate Authority (CA)."
>
> Maybe this should move to a separate guide? It is indeed a big topic.
>
> a.
>
>
>
> ---
> // L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
> // CERT Austria - http://www.cert.at/
> // Eine Initiative der nic.at GmbH - http://www.nic.at/
> // Firmenbuchnummer 172568b, LG Salzburg
>
>
>
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
More information about the Ach
mailing list