On Wed, Sep 19, 2007 at 08:01:28AM -0700, David Schwartz wrote:

> 
> > So could someone guide me with the best practices used in such scenarios?
> > Is there a way to securely embed the private key in the installers / CA
> > certificate?
> 
> I guess I'm confused. What purpose would a certificate serve if anyone can
> generate one that serves any purpose?
> 
> If I can generate a certificate that says I'm the pope just by entering that
> into your installer, then a certificate that says I'm the pope doesn't prove
> I'm the pope.
> 
> So what's the point of the entire exercise?!

Bootstrapping server credentials in a scalable fashion in a large environment
is a tricky problem. Whether the credentials are Kerberos host keytabs, or
X.509 identity certs, the best practice is to entitle the human administrator
who builds the host to generate the initial host credentials.

Typically this means that the administrator has some way to authenticate
to a credential enrollment system (kadmind, X.509 cert enrollment
website, ...) and can interact with the system to generate the cert for
the newly built host.

Some systems impose a higher barrier for re-issuing creds for an existing
name (impersonation risk) than for obtaining creds for a never used name.

This is what operating an authentication system is all about, the keys,
certs, ... are just the technical bits of stale evidence of alleged past
due diligence.

Security derives more from getting the process right than from the
cryptographic strength of the various protocols.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
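
An added example, not part of the original message or of OpenSSL: a minimal sketch of the enrollment gate described above, where an authenticated, entitled administrator can obtain credentials for a never-used host name, while re-issuing for an existing name faces a higher barrier. The two-approver rule for re-issue, the HMAC-based administrator authentication, and all names, keys and host names are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed demo data: per-administrator secrets and the entitlement list.
ADMIN_KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key",
              "carol": b"carol-demo-key"}
HOST_BUILDERS = {"alice", "bob"}  # carol can authenticate but is not entitled


def _mac(key, admin, hostname, csr_fp):
    # Binding the MAC to host name and CSR fingerprint stops an approval
    # for one host or key from being replayed for another.
    msg = f"{admin}|{hostname}|{csr_fp}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_request(admin, hostname, csr_fp):
    """Administrator side: approve one (hostname, CSR fingerprint) pair."""
    return _mac(ADMIN_KEYS[admin], admin, hostname, csr_fp)


@dataclass
class EnrollmentService:
    issued: dict = field(default_factory=dict)  # hostname -> CSR fingerprint
    audit: list = field(default_factory=list)   # record of every decision

    def enroll(self, hostname, csr_fp, approvals):
        """approvals is a list of (admin, mac); returns 'issue' or 'deny'."""
        valid = set()
        for admin, mac in approvals:
            key = ADMIN_KEYS.get(admin)
            if key is None or admin not in HOST_BUILDERS:
                continue  # unknown or unentitled administrator
            if hmac.compare_digest(_mac(key, admin, hostname, csr_fp), mac):
                valid.add(admin)
        # Assumed policy: a never-used name needs one approver; re-issuing
        # an existing name (impersonation risk) needs two distinct ones.
        needed = 2 if hostname in self.issued else 1
        decision = "issue" if len(valid) >= needed else "deny"
        if decision == "issue":
            self.issued[hostname] = csr_fp
        self.audit.append((hostname, csr_fp, sorted(valid), decision))
        return decision
```

The audit list is the part that matters operationally: it records who vouched for which name and key, which is the evidence a later review of the issued credential depends on.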