[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-misc
Subject:    Re: SMTP TLS, SMTP AUTH, POP TLS -a plea
From:       Eugen Leitl <eugen () leitl ! org>
Date:       2004-10-22 12:53:58
Message-ID: 20041022125357.GQ1457 () leitl ! org
[Download RAW message or body]

On Fri, Oct 22, 2004 at 10:35:47PM +1000, Damien Miller wrote:

> No way. There is nothing worse than seeing "Snake Oil" or localhost
> certificates on the net. Don't encourage bad practice.

Your CA wants to see your ID? Great. Mine doesn't. So what's your CA's worth
again, now? At least I know what's in those jars thar. Cause I brewed them
myself.

> I really hope that you don't ship the same key and cert to all your
> users.

No. You generate it at setup, using whatever entropy pool the system has.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net

[demime 0.98d removed an attachment of type application/pgp-signature]

[prev in list] [next in list] [prev in thread] [next in thread]