Merci pour les info..
I have a small project with Openssl and we chose to work with PKI. we made a CA generated certificates and implemented them. we need to do some more stuff, any suggestions..?? we thought of online CA.... but it seems to be difficult to implement... : ) so any suggestion would be helpful Merci a tous.. Abbass Marouni > Date: Fri, 15 Jan 2010 10:30:17 -0800 > Subject: Re: PKI with openssl online > From: aerow...@gmail.com > To: openssl-users@openssl.org > > I truly, truly wish that people would stop thinking themselves into > the "crypto box". > > A CA needs to be only as secure as the things that its certificates > secure. In this case, if they're trying to create user authentication > certificates for their customers so that they can have the full > benefits of mutual authentication (which benefits include immunity > from the recent prefix-injection attack, among others), why shouldn't > their issuing CA be online? No entity other than their authentication > server needs to trust that CA. > > However, to the OP: you can't really do that on any free server where > you cannot run your own custom script code. The processes defined for > X.509 and PKIX certificate request and issuance are such that it's > impossible to implement using a standard HTTP server that doesn't > allow code extension. > > -Kyle H > > On Thu, Jan 14, 2010 at 12:27 PM, John R Pierce <pie...@hogranch.com> wrote: > > Abbass Marouni wrote: > >> > >> I have a project, in which I am asked to implement an online Certificate > >> Authority. > >> we will be using website hosted in a free server.(Geocities,...). > > > > wasn't geocities shut down finally, after stagnating for the last decade? > > > > anyways, AFAIK, it never let you use any sort of server side scripting or > > programming, so would be totally unsuitable for your uses. > > > > by its very nature, a CA has to be on a very secure system or its pretty > > much worthless. free hosts really don't suit that. > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager majord...@openssl.org > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org _________________________________________________________________ Windows Live: Make it easier for your friends to see what you’re up to on Facebook. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009
