On 12/01/2014 08:15 PM, Daniel Ruggeri wrote:
A side note on SSL/security: I had the idea a few years back that there is probably enough content to do a "here is 5 minutes about how to configure SSL in httpd" and then 50 minutes of other important security topics (What Ciphers should I enable? Should I use SSLv3 any more? How to treat my keys and what the hell is an HSM anyway? Passphrase encrypted keys or not? Should I trust my distro's build?). Thoughts are welcome on that topic... not sure if I'm overly paranoid or if these are things that people actually want to hear?
Given the focus on SSL in the last year, I think that a talk exactly like that would be appreciated, and could even be a great talk to use to market the track as a whole. I think a lot of people are waking up to the fact that they have no idea what SSL/TLS actually is, and some in-depth teaching on it seems like it would be welcome.
--Rich -- Rich Bowen - rbo...@rcbowen.com - @rbowen http://apachecon.com/ - @apachecon