On Thu, Nov 14, 2013 at 07:02:58AM +0100, Kaspar Brand wrote:
> On 13.11.2013 15:28, Dr Stephen Henson wrote:
> > I can vaguely recall that some of that code is designed to avoid the need to
> > enter the private key passphrase more than once by decrypting private keys
> > once and storing the unencrypted forms in serialised form.
>
> True, it allows to SIGHUP/SIGUSR1 httpd without having to reenter a
> passphrase. But my point is a different one, actually: why do we want to
> enable users to protect file-based keys with a pass phrase in the first
> place? As the article on the Symantec (formerly Securityfocus) site
> says: "It is not only inconvenient, but also gives a false sense of
> security."

I've also always been a sceptic of this (mis)feature, so I hate to be
one to defend it. But demand comes from:

a) people who want the ability to do filesystem backups without
   exposing private keys to the set of admins who can read such backups;
   or e.g. stick keys on NFS mounts, a similar requirement there.

b) people who like or are required to follow "security by checklist" or
   "security by regulator"; some auditor has "No Plaintext Keys !!!" on
   the checklist, and so we must not use plaintext keys, no argument.

I'm most sceptical of all about (b) as motivation for increasing
software complexity, but (a) I can at least appreciate.

Regards, Joe