Stefan Kelm wrote:
>
> Roland,
>
> > Actually, the private key stays on the smartcard. Data must be transferred to the
> > smartcard for signing. That is why smartcards would presumably slow down SSL.
>
> I can't see why storing the server's private key on a smartcard would slow
> down SSL. If
Roland,
> Actually, the private key stays on the smartcard. Data must be transferred to the
> smartcard for signing. That is why smartcards would presumably slow down SSL.
I can't see why storing the server's private key on a smartcard would slow
down SSL. If I'm not completely mistaken the serve
> If you need a lot of hits/sec (a smart card can't handle
> many) you can use a hardware accelerator like the Ncipher
> (what I'm using) or Rainbow accelerators
and now I'm lost again. Surely the certificate only needs to
be loaded (and therefore the passp
On Tue, 27 Apr 1999, Paul Rubin wrote:
>
> Very good question Wade - it was a topic of discussion in our
> office yesterday. My problem with the server prompting a
> password for cert files is that it impedes the automatic
> system sta
Ben Laurie wrote:
> Boyce, Nick wrote:
> >
> > OK. I'm confused (;-). I thought I understood the
> > load-the-certificate-at-Apache-startup issue, but then ...
> >
> > On 28th.April,1999 Paul Rubin wrote :-
> >
> > > If you need a lot of hits/sec (a smart card can't handle many) you can
> > > u
On Wed, 28 Apr 1999, Ben Laurie wrote:
> > and now I'm lost again. Surely the certificate only needs to be loaded (and
> > therefore the passphrase needs to be entered) *once* after Apache startup ?
> > Are you saying it has to be loaded every time the server gets a hit from a
> > browser !!???!?
>as I can tell, this is the kind of gear that banks and brokerages are
>using to protect data that, if compromised, could wreak havoc costing
>not just millions, but potentially billions (10**9's) of dollars. (If
>you know of something better, please tell me).
I think I know what you mean, but yo
> Netscape servers have PKCS11 support so you can store the key in a
> secure token (i.e. smart card). I think it would be good if modssl
> also supported something like this.
mod_ssl already _DOES_ support this ;) All you've to write is
a program for yo
> Anyway, if you have really serious SSL security
> requirements, this is the kind of stuff you have to use.
> You can't do it with pure software.
Hmm. So I end up with a slow computer which very few people
have reviewed the design of, that I still have to
Boyce, Nick wrote:
>
> OK. I'm confused (;-). I thought I understood the
> load-the-certificate-at-Apache-startup issue, but then ...
>
> On 28th.April,1999 Paul Rubin wrote :-
>
> > If you need a lot of hits/sec (a smart card can't handle many) you can
> > use a hardware accelerator like the N
OK. I'm confused (;-). I thought I understood the
load-the-certificate-at-Apache-startup issue, but then ...
On 28th.April,1999 Paul Rubin wrote :-
> If you need a lot of hits/sec (a smart card can't handle many) you can
> use a hardware accelerator like the Ncipher (what I'm using) or
> Rainbow
Programs that write certs and private keys out to disk
generally put some kind of password protection on them. This
makes sense in connection with client certs where the user can
be prompted for a cert store password. What about cert files
on servers? Is it
Programs that write certs and private keys out to disk generally put
some kind of password protection on them. This makes sense in connection
with client certs where the user can be prompted for a cert store password.
What about cert files on servers? Is it common for them to not use password
prot
13 matches