On Thu, Apr 24, 2014 at 11:39:42AM -0400, Paul Wouters wrote:
> On Thu, 24 Apr 2014, Florian Weimer wrote:
>
> >I don't think "openssl genrsa 2048" has this issue on today's
> >machines. (I know I saw it with GNUTLS.)
>
> I was sceptical, so I tried this on a freshly booted VM:
>
> root@bofh:~#
On 04/24/2014 08:39 AM, Paul Wouters wrote:
On Thu, 24 Apr 2014, Florian Weimer wrote:
I don't think "openssl genrsa 2048" has this issue on today's
machines. (I know I saw it with GNUTLS.)
I was sceptical, so I tried this on a freshly booted VM:
root@bofh:~# virsh start north
Domain north
On Thu, Apr 24, 2014 at 10:10:15AM -0400, Adam Jackson wrote:
> On Thu, 2014-04-24 at 15:47 +0200, Florian Weimer wrote:
> > I'm working on advice on automated X.509 certificate generation during
> > package installation.
> >
> > One aspect is that these files obviously have to be generated on th
On 04/24/2014 05:39 PM, Paul Wouters wrote:
On Thu, 24 Apr 2014, Florian Weimer wrote:
I don't think "openssl genrsa 2048" has this issue on today's
machines. (I know I saw it with GNUTLS.)
I was sceptical, so I tried this on a freshly booted VM:
root@bofh:~# virsh start north
Domain north
On Thu, 24 Apr 2014, Florian Weimer wrote:
I don't think "openssl genrsa 2048" has this issue on today's machines. (I
know I saw it with GNUTLS.)
I was sceptical, so I tried this on a freshly booted VM:
root@bofh:~# virsh start north
Domain north started
root@bofh:~# ssh root@north
Last logi
On 04/24/2014 04:20 PM, Paul Wouters wrote:
On Thu, 24 Apr 2014, Florian Weimer wrote:
I'm working on advice on automated X.509 certificate generation during
package installation.
I would strongly recommend doing it on first service start. I've lived
through the FreeS/WAN times and my experie
Paul Wouters writes:
> [...]
> How many packages would actually perform any kind of "opportunistic
> encryption"? I know the mail servers prefer a selfsigned cert over no
> cert whatsoever, but what other applications have this issue of "better
> unknown certificate than plaintext" ?
Probably al
On Thu, 2014-04-24 at 15:47 +0200, Florian Weimer wrote:
> I'm working on advice on automated X.509 certificate generation during
> package installation.
>
> One aspect is that these files obviously have to be generated on the
> system during installation (or first service start) and cannot be
On Thu, 24 Apr 2014, Florian Weimer wrote:
I'm working on advice on automated X.509 certificate generation during
package installation.
I would strongly recommend doing it on first service start. I've lived
through the FreeS/WAN times and my experience with it for 15+ years
caused us (in libre
I'm working on advice on automated X.509 certificate generation during
package installation.
One aspect is that these files obviously have to be generated on the
system during installation (or first service start) and cannot be
shipped in the package. Some existing RPMs just drop files into