On Tue 2005-May-17 09:23:12 +1000, Adam Conrad wrote: > Perhaps the more interesting question for you is: Why do you use > passphrases on your SSL certs? If they're only readable by root, what > have you gained with a passphrase?
My reason for using a passphrase protected key (and stumbling right into the logrotate problem) is that this key is used for a certificate physically present on several machines -- and the backups thereof! I do realize that if "online" access as root is gained, I'm doomed. However, trying to protect against the situation where someone gets "offline" access to a copy of the file seems to be a very valid reason. Just the same reason for which you're protecting your private PGP key with a passphrase... Regards, Marcus -- Marcus C. Gottwald <[EMAIL PROTECTED]> Quantum Hydrometrie GmbH, Berlin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]