On Fri, Sep 28, 2007 at 08:37:12PM +0530, Urjit Gokhale wrote:

> > > > considered as proposition to discussion. Real, secure programming should
> > > > be based on existing, well checked protocols (which is possible in this
> > > > case).
> > >
> > > The OP was going to embed his CA's private key in his installer.
> >
> > The OP was not thinking clearly about key management. My first response
> > to the OP outlined what needs to be done for key-management (a human
> > assisted enrollment process).
>
> Thank you all for all the responses and the discussion.
> I learn from this discussion, that for a complete secured system, I need to
> consider the key management in better fashion. I will definitely think over
> it.
> But for now, I would like you guys to comment if the scheme of allowing the
> admin to create certificate through installer work?

Turning security off "works", shipping the CA private key to every machine
turns off security.

> I am assuming that the admin will guard the installer (and hence the cert
> generation capability) well, so that no one else gets to create a CA signed
> cert.

This assumption seems unwarranted, and with global distribution of the
CA private key it only takes the compromise of one machine to break
security globally. I'd be hard-pressed to endorse this design.

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]