[Ach] StartSSL for Business Sysadmins

Martin Rublik martin.rublik at gmail.com
Sun Jan 12 19:03:24 CET 2014


On 12. 1. 2014 18:35, L. Aaron Kaplan wrote:
> 
> On Jan 12, 2014, at 6:24 PM, Andreas Mirbach <a.mirbach at me.com> wrote:
> 
>> Hi Aaron,
>> 
>> in my opinion a security guide that discusses just a few cipher orders has
>> no value at all. The document title is applied crypto hardening and it is
>> aimed to be a copy and paste reference for sysadmins. In an "applied"
>> real world scenario there are CAs involved in the crypto chain. It is
>> essential to understand crypto security as a process of many things that come
>> and work together. It's not just some console commands and the use of
>> commonly trusted ciphers.
>> 
> 
> Andreas,
> 
> you might be right, but in the beginning we had to make some decisions about what
> is "in scope" in the first version and "out of scope" and might be put into
> a later version or a different document (which of course should be
> referenced).
> 
> At that time, we all looked at the PKI issues and were saying to ourselves:
> "if we document all that we are never going to be finished" ;-) That's why
> it became "out of scope" for the first version.

IMHO, in such a case I would completely skip the section on setting up your own
CA. Without more information it is going to cause more harm than good.

Finally, a word on key management and key files would be more useful. I've seen
a few times a private key "backed up" on a publicly available web server.

Martin
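The failure mode Martin describes (a private key copied into a directory that a web server actually serves, or left readable by every local account) is easy to check for with a small script. The following is an added example, not code from the thread or from the Applied Crypto Hardening project; it assumes a POSIX shell with `find` and a `grep` that supports `-I`, and the document root path passed in is an assumption the caller supplies. The `--demo` mode builds a constructed temporary web root containing a placeholder PEM file (not a real key) so the checks can be seen working offline.

```shell
#!/bin/sh
# Added example: look for private-key material that a web server might serve,
# and for key files readable by "other". Not part of the original thread.

# Print every regular file under DIR whose contents carry a PEM private-key
# header (covers "BEGIN PRIVATE KEY", "BEGIN RSA PRIVATE KEY", "BEGIN EC
# PRIVATE KEY", "BEGIN ENCRYPTED PRIVATE KEY", ...). Binary files are skipped.
scan_webroot() {
  dir="$1"
  pattern='-----BEGIN .*PRIVATE KEY-----'
  find "$dir" -type f -exec grep -Il -e "$pattern" {} + 2>/dev/null | sort
}

# Print every *.key / *.pem file under DIR that is readable by "other"
# (octal mode bit 004). Key files should normally be mode 0600 or 0640.
world_readable_keys() {
  dir="$1"
  find "$dir" -type f \( -name '*.key' -o -name '*.pem' \) -perm -004 2>/dev/null | sort
}

# Combine both checks. Prints "path<TAB>reason" per finding and returns 1
# when anything was found, 0 when the directory looks clean.
report_exposed_keys() {
  dir="$1"
  scan_webroot "$dir" | while IFS= read -r f; do
    printf '%s\tcontains PEM private key\n' "$f"
  done
  world_readable_keys "$dir" | while IFS= read -r f; do
    printf '%s\tkey file readable by other\n' "$f"
  done
  count=$( { scan_webroot "$dir"; world_readable_keys "$dir"; } | wc -l | tr -d ' ')
  if [ "$count" -gt 0 ]; then
    return 1
  fi
  printf 'no exposed key material under %s\n' "$dir"
  return 0
}

# Demo on a constructed web root; the PEM body is a placeholder, not a key.
demo() {
  t=$(mktemp -d)
  mkdir -p "$t/html"
  printf '<html>ok</html>\n' > "$t/html/index.html"
  printf -- '-----BEGIN PRIVATE KEY-----\nPLACEHOLDER-NOT-A-REAL-KEY\n-----END PRIVATE KEY-----\n' \
    > "$t/html/backup.key"
  chmod 644 "$t/html/backup.key"   # world-readable on purpose for the demo
  report_exposed_keys "$t/html" || printf 'demo: findings reported (expected)\n'
  rm -rf "$t"
}

if [ "${1:-}" = "--demo" ]; then
  demo
fi
```

Typical use is `sh check-keys.sh` sourced into a cron job or a deploy hook with `report_exposed_keys /var/www/html`, failing the deploy when the return status is non-zero; the same two checks can be run against a backup target to catch the "backed up to the web server" case before it is ever served.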
