[Ach] StartSSL for Business Sysadmins

Tobias Dussa (SCC) tobias.dussa at kit.edu
Mon Jan 13 11:36:04 CET 2014 

Hi,

On Mon, Jan 13, 2014 at 01:06:38PM +0300, ianG wrote:
> > Still, even modest progress would make a big difference IMHO, and I am dead
> > certain that a LOT of people would really appreciate sound advice on this
> > matter.  Yes, there are many, many guides and papers on this, and most of them
> > are utter bullshit.  If we agree that we won't cover anything X.509-related
> > because it's too much of an effort, so be it.  I do think that exactly BECAUSE
> > it is so hard apparently people need good advice all the way, even if it is not
> > the all-encompassing Grand Unified Theory of All Things X.509.
> That's absolutely true.  People would appreciate good advice, and it's
> really needed.  I spent around 6 years on that project, so I know that,
> for sure.  Which might explain why I'm a bit brutal on this topic...
> If you wanted to do that, provide good advice, I'd say set up a separate
> document and a separate mailing list.

I have had to do that and I will continue to improve on that, but that is beside
the point.  I had hoped and still hope that security aspects and implications
of X.509 will be covered in this already excellent project, because IMHO things
X.509 are a part of cryptographic reality in the net these days that will not go
away easily, and these aspects should really be includned in our paper IMHO.

Cheers,
Toby.
-- 
Hex is for sissies. Real men use binary. And the most hardcore types
use only zeros --- uppercase zeros and lowercase zeros.
                                       ---Tomasz Sowinski

----

Karlsruhe Institute of Technology (KIT)
Steinbuch Centre for Computing (SCC)
KIT-CERT

Tobias Dussa
CERT Manager, CA Manager

Zirkel 2
Building 20.21
76131 Karlsruhe, Germany

Phone: +49 721 608-42479
Fax: +49 721 608-9-42479
Email: tobias.dussa at kit.edu
Web: http://www.kit.edu/

KIT – University of the State of Baden-Wuerttemberg and
National Laboratory of the Helmholtz Association
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4490 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20140113/b85027ca/attachment.bin>

More information about the Ach mailing list