On Thu, 2013-09-12 at 15:13 +0100, [email protected] wrote:
> Gnutls may be usable as an alternative to Openssl.
> It's already in Debian, new to me.

What's wrong with OpenSSL that GNUTLS gets right?

Simo.

> > On Thu, Sep 12, 2013 at 03:06:46PM +0100, Keith wrote:
> >> After further thought:
> >>
> >> With a CA on each freedombox we could have something like this
> >>
> >> Create a CA using (options used could be changed)
> >> openssl genrsa -des3 -out "Freedombox CA.key" 4096
> >
> > Is there any remote chance to use a different crypto library/tool
> > than OpenSSL? I realize that the license issues preclude many
> > of potential alternatives from inclusion in Debian.
> >
> >> openssl req -new -x509 -days 3650 -key "Freedombox CA.key" -out "Freedombox CA.pem"
> >>
> >> Possibly replace any snakeoil keys created by Debian (Postfix uses 2048
> >> bits, could use 4096 bits if Postfix is the MTA used).
> >>
> >> Include in Plinth an option for a freedom box to obtain ssl keys with
> >> the Freedombox CA. No interface to an external website, openssl can do
> >> this.
> >>
> >> The public key of the Freedombox CA could be published, to be imported
> >> into someone else's browser, could be a problem with multiple Freedombox
> >> CAs with the same name.
> >>
> >> Possibly a paranoid option to rotate the ssl keys on the freedom box
> >> running manually and/or as a cron job (Now doing this daily with one of
> >> my mailservers).

_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
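
The per-box CA proposed in the quoted thread, as an added example that is not part of the original messages: it creates two CAs with the same subject name, issues a server certificate from one, and checks that only the issuing CA validates it, so a published CA has to be told apart by fingerprint, not by name. The function names, file names, `box.example` and the `FBX_CA_BITS` variable are assumptions, and the CA keys are left unencrypted (no `-des3`) so the script runs without a passphrase prompt.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical names: fbx_demo, make_ca,
# issue_cert, box.example, FBX_CA_BITS. CA keys are unencrypted here so the
# script is non-interactive; the thread's command protects the key with -des3.

make_ca() {  # $1 = file prefix; every CA deliberately gets the same subject
    openssl genrsa -out "$1.key" "${FBX_CA_BITS:-4096}" 2>/dev/null &&
    openssl req -new -x509 -days 3650 -key "$1.key" -out "$1.pem" \
        -subj "/CN=Freedombox CA" 2>/dev/null
}

issue_cert() {  # $1 = CA prefix, $2 = host name, $3 = output prefix
    openssl genrsa -out "$3.key" 2048 2>/dev/null &&
    openssl req -new -key "$3.key" -out "$3.csr" -subj "/CN=$2" 2>/dev/null &&
    openssl x509 -req -in "$3.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$3.pem" 2>/dev/null
}

fingerprint() {  # SHA-256 fingerprint of certificate $1
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

fbx_demo() {
    dir=$(mktemp -d) || return 2
    (
        cd "$dir" || exit 2
        make_ca ca_a || exit 2          # this box's CA
        make_ca ca_b || exit 2          # another box's CA, same name
        issue_cert ca_a box.example server || exit 2
        # The certificate validates against the CA that signed it ...
        openssl verify -CAfile ca_a.pem server.pem >/dev/null 2>&1 || exit 3
        # ... but not against a different CA carrying the identical name.
        if openssl verify -CAfile ca_b.pem server.pem >/dev/null 2>&1; then
            exit 4
        fi
        # Only the fingerprint tells the two "Freedombox CA" certificates apart.
        [ "$(fingerprint ca_a.pem)" != "$(fingerprint ca_b.pem)" ] || exit 5
        openssl x509 -in server.pem -noout -issuer
        echo "CA A: $(fingerprint ca_a.pem)"
        echo "CA B: $(fingerprint ca_b.pem)"
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

Call `fbx_demo` after sourcing the script; it returns 0 when the certificate verifies only against its issuing CA and the two CA fingerprints differ.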
