On Wed, Apr 26, 2000 at 02:46:19PM -0500, Leland V. Lammert wrote:
> At 12:53 PM 4/26/00, you wrote:
>> Of course, nothing is as secure as a human being typing the passphrase in
>> at startup, but we've established that that is too much like hard work :).
> Sorry, .. but you missed the point. If you are rebooting a server:
>
> 1) In many cases the person doing the rebooting does not have root access, .. much
> less knowledge OF the pass phrase!
>
> 2) In many other cases, the reboot is done remotely.
>
> 3) In both cases above, the server would HANG on reboot awaiting a passphrase.

If keys are secured with a pass phrase, obviously you should not automatically start the server at boot stage. Or, start it with a different configuration file that excludes virtual hosts that need certificates.

The point of encrypting keys is not to secure them from people breaking into the machine -- as the keys are in RAM, anyone with root access can obtain them anyway. The point is that you don't end up having unencrypted keys on backup tapes and on the hard disk, where anyone who has physical access can easily steal them (and pass them to someone who has the knowledge to read the actual keys from the media).

Typing the pass phrase need not be done at the system console, it can be done via SSH. So the typical procedure for booting could be that the person who does the rebooting pages someone who has knowledge of the pass phrase or sends e-mail to them in case they are not around.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                             [EMAIL PROTECTED]
Automated List Manager                                [EMAIL PROTECTED]
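The concern in the message above, unencrypted keys ending up on disk and on backup tapes, can be checked before a backup runs. The following is an added example, not part of the original message: it classifies PEM files by their headers (`Proc-Type: 4,ENCRYPTED` in the traditional format, `BEGIN ENCRYPTED PRIVATE KEY` for PKCS#8). The function names, file names and sample key bodies are constructed for illustration, and OpenSSH-format keys are not covered.

```shell
#!/bin/sh
# Added example: report private-key files that are stored without a pass phrase.

# Print "plaintext", "encrypted" or "nokey" for one PEM file.
pem_key_state() {
    awk '
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { enc++; next }   # PKCS#8, encrypted
        /^-----BEGIN ([A-Z0-9]+ )?PRIVATE KEY-----/ { inkey = 1; prot = 0; next }
        inkey && /^Proc-Type: 4,ENCRYPTED/ { prot = 1 }            # traditional format
        inkey && /^-----END / { if (prot) enc++; else plain++; inkey = 0 }
        END {
            if (inkey) { if (prot) enc++; else plain++ }            # truncated block
            if (plain) print "plaintext"
            else if (enc) print "encrypted"
            else print "nokey"
        }
    ' "$1"
}

# List every file under a directory that holds at least one unencrypted key.
find_plaintext_keys() {
    find "$1" -type f | sort | while IFS= read -r f; do
        if [ "$(pem_key_state "$f")" = plaintext ]; then printf '%s\n' "$f"; fi
    done
}

# Constructed sample files (bodies are placeholders, not real key material).
make_samples() {
    mkdir -p "$1"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'QUJD' \
        '-----END RSA PRIVATE KEY-----' > "$1/vhost-a.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'QUJD' \
        '-----END RSA PRIVATE KEY-----' > "$1/vhost-b.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'QUJD' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/vhost-c.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJD' \
        '-----END CERTIFICATE-----' > "$1/vhost-a.crt"
}

# Usage: sh script.sh /path/to/key/directory
if [ "$#" -gt 0 ]; then find_plaintext_keys "$1"; fi
```

Any path it prints is a key that a backup of that directory would carry in the clear.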
