On Wed, Nov 1, 2017 at 2:08 PM, Steffan Karger wrote:
> Coming back to tls-crypt/tls-auth key rotation: the preferred way is
> what Ilya suggested: add a new openvpn daemon which is using the new key
> and is running on another port, then migrate your clients to the new
> server and finally kill t
Hello,
On 2017-11-01 02:08 PM, Steffan Karger wrote:
> Hi,
>
> On 01-11-17 17:16, Jan Just Keijser wrote:
>> On 29/10/17 02:49, Jason Haar wrote:
>>> Best practice would be to routinely rotate secrets, to mitigate
>>> configuration misuse/loss, etc.
>>>
>>> Due to CAs, certificates already suppor
Hi,
On 01-11-17 17:16, Jan Just Keijser wrote:
> On 29/10/17 02:49, Jason Haar wrote:
>> Best practice would be to routinely rotate secrets, to mitigate
>> configuration misuse/loss, etc.
>>
>> Due to CAs, certificates already support that concept,
>> but tls-auth/tls-auth do not.
>>
>> So wouldn'
Hi Jason,
On 29/10/17 02:49, Jason Haar wrote:
> Best practice would be to routinely rotate secrets, to mitigate configuration
> misuse/loss, etc.
> Due to CAs, certificates already support that concept, but tls-auth/tls-auth do
> not.
> So wouldn't it be a good idea to allow tls-auth/tls-crypt to con