[Ach] StartSSL for Business Sysadmins

Tobias Dussa (SCC) tobias.dussa at kit.edu
Mon Jan 13 11:36:04 CET 2014


On Mon, Jan 13, 2014 at 01:06:38PM +0300, ianG wrote:
> > Still, even modest progress would make a big difference IMHO, and I am dead
> > certain that a LOT of people would really appreciate sound advice on this
> > matter.  Yes, there are many, many guides and papers on this, and most of them
> > are utter bullshit.  If we agree that we won't cover anything X.509-related
> > because it's too much of an effort, so be it.  I do think that exactly BECAUSE
> > it is so hard apparently people need good advice all the way, even if it is not
> > the all-encompassing Grand Unified Theory of All Things X.509.
> That's absolutely true.  People would appreciate good advice, and it's
> really needed.  I spent around 6 years on that project, so I know that,
> for sure.  Which might explain why I'm a bit brutal on this topic...
> If you wanted to do that, provide good advice, I'd say set up a separate
> document and a separate mailing list.

I have had to do that and I will continue to improve on that, but that is beside
the point.  I had hoped and still hope that security aspects and implications
of X.509 will be covered in this already excellent project, because IMHO things
X.509 are a part of cryptographic reality in the net these days that will not go
away easily, and these aspects should really be includned in our paper IMHO.

Hex is for sissies. Real men use binary. And the most hardcore types
use only zeros --- uppercase zeros and lowercase zeros.
                                       ---Tomasz Sowinski


Karlsruhe Institute of Technology (KIT)
Steinbuch Centre for Computing (SCC)

Tobias Dussa
CERT Manager, CA Manager

Zirkel 2
Building 20.21
76131 Karlsruhe, Germany

Phone: +49 721 608-42479
Fax: +49 721 608-9-42479
Email: tobias.dussa at kit.edu
Web: http://www.kit.edu/

KIT – University of the State of Baden-Wuerttemberg and
National Laboratory of the Helmholtz Association
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4490 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20140113/b85027ca/attachment.bin>

More information about the Ach mailing list