-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

>>> They can simply replace it with a different CA certificate, so that you
>>> authenticate to a server that claims to be your server but actually is a
>>> different server that has the same certificate name as your server but
>>> was issued by the CA that replaced your CA on the token.
>>
>> But doesn't storing the CA cert on the local hard drive expose you to the
>> very same problem? And the hard drive is always accessible; there's no
>> authentication to access it once you're running from it.
>> (or am I missing the point here?)
>
> Let's say that you don't run as root or Administrator, the openvpn daemon
> or service is using a configuration file you cannot modify, and this
> configuration file refers to a CA certificate that you cannot modify
> either. The result is that you can access only servers that suit the
> system administrator's policy; you cannot bridge your network to a foreign
> site.
>
> Modifying this configuration requires something you don't have
> (Administrative permission); altering the token requires something you
> have (PIN).
>
> Moreover, modifying the token exposes you wherever you go; breaking
> into a specific machine exposes you only on this machine.
Correct. Not to nitpick, but rather to be complete about the requirements: that does mean you'd need openvpn 2.1 (especially for MSWindows) and its management interface. Otherwise running openvpn as a service under lower privileges won't work. And moreover: setting the correct ACLs in the filesystem, which is not something a lot of MSWindows users (or admins for that matter) seem to be doing.

This issue might be a good one for the FAQ under the heading of tightening security, if the 2.1 codebase goes stable/mainstream that is.

Albert

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDy7j0KltZixSsH2QRA4XQAJ9Gy0Ni/vcK1bpdbW0ZydF9J60RxwCfb+Nh
JpD6PjXoeZaddNLYHncv1kI=
=1kAt
-----END PGP SIGNATURE-----
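The property the thread relies on (the unprivileged user can modify neither the openvpn configuration file nor the CA certificate it references) is easy to state and easy to get wrong in filesystem permissions. The script below is an added example, not code from this thread or from the OpenVPN project: it checks that a config file and the file named by its `ca` directive are owned by an expected uid (0 in production) and carry no group/other write bit. The config contents, file names and the convention that a relative `ca` path is resolved against the config's directory are constructed for the demo; the demo passes the current uid as the expected owner so it runs without root.

```shell
#!/bin/sh
# Added example (not from the thread or the OpenVPN project): lockdown check for
# an OpenVPN config and the CA file it references. Requirement under test:
# an unprivileged user must be unable to edit either file.

# Owner uid of a file (GNU stat first, BSD stat as fallback).
file_owner() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }
# Permission bits in octal, e.g. 644.
file_mode()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# check_locked FILE OWNER_UID -> 0 if FILE exists, is owned by OWNER_UID and
# is not writable by group or others; 1 otherwise.
check_locked() {
    f="$1"; want="$2"
    [ -f "$f" ] || return 1
    [ "$(file_owner "$f")" = "$want" ] || return 1
    mode=$(file_mode "$f")
    # Keep only the last two octal digits (group, other). Any of 2,3,6,7
    # there means the write bit is set for group or other.
    go=$(printf '%s' "$mode" | tail -c 2)
    case "$go" in
        *[2367]*) return 1 ;;
    esac
    return 0
}

# ca_path_from_config CONFIG -> prints the path given by the first "ca" directive.
ca_path_from_config() {
    awk '$1 == "ca" { print $2; exit }' "$1"
}

# check_openvpn_lockdown CONFIG OWNER_UID -> 0 only if CONFIG and its CA file
# both pass check_locked. A writable config would let the user repoint "ca"
# even if the CA file itself were locked, so both must hold.
check_openvpn_lockdown() {
    cfg="$1"; want="$2"
    check_locked "$cfg" "$want" || return 1
    ca=$(ca_path_from_config "$cfg")
    [ -n "$ca" ] || return 1
    # Constructed convention for the demo: relative CA paths are taken
    # relative to the config file's directory.
    case "$ca" in /*) ;; *) ca="$(dirname "$cfg")/$ca" ;; esac
    check_locked "$ca" "$want"
}

# Demo with constructed files in a temp dir. The expected owner is the
# current uid so the demo works without root; in production pass 0.
demo() {
    d=$(mktemp -d)
    me=$(id -u)
    printf 'client\nca ca.crt\nremote vpn.example.invalid 1194\n' > "$d/good.conf"
    cp "$d/good.conf" "$d/bad.conf"
    printf -- '-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----\n' > "$d/ca.crt"
    chmod 644 "$d/good.conf" "$d/ca.crt"
    chmod 666 "$d/bad.conf"   # world-writable config: anyone can repoint "ca"
    check_openvpn_lockdown "$d/good.conf" "$me" && echo "good.conf: locked down"
    check_openvpn_lockdown "$d/bad.conf" "$me" || echo "bad.conf: NOT locked down"
    rm -rf "$d"
}

[ "${1:-}" = "demo" ] && demo
```

Run it as `sh lockdown-check.sh demo` to see the two outcomes; in a real deployment call `check_openvpn_lockdown /etc/openvpn/client.conf 0` from a cron job or configuration-management check. On Windows the equivalent is inspecting the ACLs on the config and CA files, which this POSIX script does not cover.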