Rob,

You make perfect sense and I agree when a web server is involved. I have only 
TN3270 traffic and really don't see the need especially since all TN3270's are 
on the private LAN or VPN... It is not my job to argue with these guys I just 
do the work ... But I did convince him that the 3278 coax attached system 
console need not be encrypted.

Tom 

-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of Rob
van der Heij
Sent: Thursday, May 22, 2008 1:36 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: SSL CERTIFICATE


On Thu, May 22, 2008 at 2:36 AM, John Summerfield
<[EMAIL PROTECTED]> wrote:
> Huegel, Thomas wrote:
>>
>> Well, yes I can (did) make a SELF-SIGNED certificate and it works fine.
>> But my auditor doesn't like it.
>
> Why?

Isn't it like when the cops pull you over and you show them a
hand-written piece of paper that says "Driver's License" and when they
question it, you point at your own signature at the bottom? Nor do we
think the customer card of the local pizza place is a valid
identification. Back then we had a big scene when someone managed to
get through airport security with a children's "passport" of a big
amusement park...

When you generate your own master certificate, the private parts of
that may not be as safely protected as the professional CAs' are. If
you now told your users to trust you (that is, install your
certificate into their browser) then if someone steals your private
keys, they can sign whatever they like and all your users will trust
it. If they use that to set up a mock-up copy of a banking site, your
users will not notice that it is a fake.

Rob

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
