Public key infrastructure

Peter Rockai prockai at redhat.com
Tue Jul 25 20:45:12 UTC 2006


On Mon, Jul 24, 2006 at 07:06:40PM +0200, Joachim Selke wrote:
> (5) No application should come with "default" or "example" certificates
> contained in its RPM, because certificates should be created by the
> admin for security reasons. To support this, applications may include a
> config file for openssl, that is stored in /etc/pki/$appname.
> 
> Any comments on this?

Yes. I would like to point out that this rule would leave the default
installs of imap/pop/whatever servers either incapable of encryption
or completely useless, whichever you prefer.

With default certificates, you should be able to do the "leap of
faith" style authentication: your mail/web/etc client stores the
certificate and alerts you if things go wrong with it. It seems to
work fine for ssh (although tls clients could be a bit more
intelligent in this regard).

I would assert that with a leap of faith (or even completely without server
authentication), TLS is a better solution than completely open
communication. So generating a self-signed certificate (if none exists
for the server) in the %post scriptlet is IMO a good thing.

The admin will very quickly find out that the service uses a
self-signed, default cert if they test it at all (so they can either be
content with that, generate a different certificate, use one from a CA,
disable TLS, or whatever). And if they never even test it, how do
you expect them to generate certificates :-).

Also note that certificates are never shipped inside an RPM, that
would not make any sense -- the certificate needs to be unique in each
installation.

Yours, Peter.

-- 
Peter Rockai | me()mornfall!net | prockai()redhat!com
 http://blog.mornfall.net | http://web.mornfall.net

"In My Egotistical Opinion, most people's C programs should be
 indented six feet downward and covered with dirt."
     -- Blair P. Houghton on the subject of C program indentation
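As an added example (not code from the mail above, from Fedora, or from any package's %post scriptlet), the two pieces of the argument in shell: a scriptlet-style function that generates a per-installation self-signed certificate only when the admin has not already supplied one, and an ssh-style "leap of faith" check that pins a server certificate's fingerprint on first contact and alerts when it later changes. The directory layout under a /etc/pki-like tree, the service names, and the host labels are assumptions; the certificate files stand in for what a TLS client would receive in a handshake.

```shell
#!/bin/sh
# Added example, not from the original mail or any real package scriptlet.
# Paths, service names and host labels are assumptions for illustration.

# Generate a self-signed key/cert pair for service $2 under $1 if none exists.
# Idempotent on purpose: an existing pair (admin-made, or from a CA) is never
# overwritten, which is what a %post scriptlet needs across package upgrades.
ensure_self_signed_cert() {
    dir=$1; name=$2
    key="$dir/private/$name.key"
    crt="$dir/certs/$name.crt"
    if [ -s "$crt" ] && [ -s "$key" ]; then
        return 0                      # admin already provided one: leave it alone
    fi
    mkdir -p "$dir/private" "$dir/certs"
    chmod 700 "$dir/private"
    cn=$(hostname 2>/dev/null || echo localhost)
    [ -n "$cn" ] || cn=localhost
    # Fresh key per installation, so the cert is unique to this host;
    # subshell keeps the restrictive umask from leaking into the caller.
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$cn" -keyout "$key" -out "$crt" >/dev/null 2>&1
    ) || return 1
    chmod 644 "$crt"                  # cert is public, key stays 0600
}

# "Leap of faith" client side: $1 is the certificate the server presented,
# $2 a known-hosts style file, $3 the host label the client connected to.
# Prints "new" (first contact, fingerprint pinned), "ok" (matches the pin) or
# "MISMATCH" (cert changed: alert the user, do not proceed silently).
tofu_check() {
    crt=$1; db=$2; host=$3
    fp=$(openssl x509 -in "$crt" -noout -fingerprint -sha256 | cut -d= -f2)
    known=$(grep "^$host " "$db" 2>/dev/null | cut -d' ' -f2)
    if [ -z "$known" ]; then
        echo "$host $fp" >> "$db"
        echo "new"
    elif [ "$known" = "$fp" ]; then
        echo "ok"
    else
        echo "MISMATCH"
        return 1
    fi
}

# Usage (as a scriptlet would call it, directory assumed):
#   ensure_self_signed_cert /etc/pki/dovecot dovecot
```

Note that the check pins the whole certificate's fingerprint, so a legitimate renewal also trips "MISMATCH"; that is exactly the point at which a client should ask the user rather than accept the new certificate, and it is the situation the mail says TLS clients handle less gracefully than ssh.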