[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-modssl
Subject:    Re: Apache SSL Private Keys
From:       Rich Salz <rsalz () zolera ! com>
Date:       2001-11-30 13:12:21
[Download RAW message or body]

> Therefore, the passphrase only protects the key if it is removed from your
> server, but as has been shown, being able to remove the key requires (or
> should require) root privileges. QED.

No, the passphrase protects the key during the time when root may have
access to the machine *any time your server isn't running.*  That could
be during a forced reboot, down for backups or other maintenance, etc. 
(In addition, most web servers run under a different ID, so the
adversary has twice TWO accounts to attack if it wants to look at a
coredump. :)

Anyone who has a machine under someone else's physical control (e.g.,
co-location service or corporate IT department) should use a passphrase
and forgo auto-reboot.  Or make sure they realize the risks.
	/r$
-- 
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

[prev in list] [next in list] [prev in thread] [next in thread]