After all my wrangling, I'm leaning towards just using client certs.
Is it a reasonable assumption that on UNIX'es these days I can
expect to find libssl.so AND the openssl command line?
If not, is it reasonable to assume that A sysadmin will
install openssl to get my app to work?
Otherwise, it would seem that something as easy and well
documented as creating a CSR could be a lot more coding...
Many thanks for all the useful comments!
Kris
On 10/27/11 7:20 AM, Michael S. Zick wrote:
On Wed October 26 2011, Kristen J. Webb wrote:
Having an app that can use certs, it
appears, is nothing compared with how to deploy it and manage those certs ;)
A general truism not specific to "certs".
Recognizing (or implementing) a "need for trust" is one thing;
Determining (or establishing) what is to be trusted is quite another.
Consider:
Your roof leaks.
Its easy to find a contractor who claims they will fix it.
Its an entirely different matter to find one you can __trust__ to do
the job correctly and to your satisfaction.
Mike
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
--
Mr. Kristen J. Webb
Teradactyl LLC.
PHONE: 1-505-242-1091
EMAIL: kw...@teradactyl.com
VISIT: http://www.teradactyl.com
Home of the
True incremental Backup System
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
