what to do in case of a compromised SSL cert?
Till Maas
opensource at till.name
Thu Aug 24 23:59:15 UTC 2006
On Thursday 24 August 2006 23:23, Bruno Wolff III wrote:
> On Thu, Aug 24, 2006 at 12:58:24 -0700,
>
> Chris Weyl <cweyl at alumni.drew.edu> wrote:
> > Is there a procedure in place to deal with lost, possibly compromised
> > SSL certs?
> >
> > For the record, I have no reason to suspect mine has been, but I'm
> > curious as to how we'd deal with it :)
>
> Doing nothing is probably your first choice. The cert will still keep
> visitors from getting scary popups they don't understand. Trying to revoke
> the cert won't work very well (unless you control the browsers of your
> visitors) and won't prevent any likely attacks.
I have a strong feeling that Chris aimed at the ~/.fedora.cert, i.e. the ssl
certificate for the build system. And if not, what if he did? Would it be
enough to request a new certificate to make the old one useless?
Regards,
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20060825/5c4641d4/attachment.sig>
More information about the fedora-extras-list
mailing list