Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] Delivering mail to folders



The important characteristic is whether or not the CA root private key is ever exposed to any servers or clients. For example, if you used a self-signed cert (no separate CA) on a server, that server requires the CA root private key in order to serve webpages, and if you installed that cert into the CA root trust store of your clients, then if the server gets compromised, the attacker can impersonate literally any domain on any server, completely undermining your entire SSL/TLS infrastructure, with the ability to MITM attack every connection.

If you generate a CA, keep its private key private, and use it to sign a separate server cert, then if the server gets compromised, the worst the attacker can do is malicious things with the compromised server.
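The difference described in this post can be checked with `openssl`. The script below is an added example, not part of the original message: it builds both setups in a temporary directory and asks `openssl verify` whether a client would accept a certificate for another name signed with the key that lives on the server. All names (`demo-root-ca`, `*.example.test`) are constructed, and the self-signed certificate is assumed to be CA-capable (CA:TRUE).

```sh
# Added demo; every name (demo-root-ca, *.example.test) is constructed.
D=$(mktemp -d); trap 'rm -rf "$D"' EXIT
cat > "$D/cfg" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[ext_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ext_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
# selfsign NAME: new key plus a self-signed, CA-capable certificate.
selfsign() {
    openssl req -x509 -config "$D/cfg" -extensions ext_ca -newkey rsa:2048 \
        -nodes -days 30 -subj "/CN=$1" -keyout "$D/$1.key" -out "$D/$1.crt" 2>/dev/null
}
# issue SIGNER NAME: new key for NAME, leaf certificate signed with SIGNER's key.
issue() {
    openssl req -new -config "$D/cfg" -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$D/$2.key" -out "$D/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$D/$2.csr" -CA "$D/$1.crt" -CAkey "$D/$1.key" \
        -CAcreateserial -days 30 -extfile "$D/cfg" -extensions ext_leaf \
        -out "$D/$2.crt" 2>/dev/null
}
# chain_ok ANCHOR CERT [INTERMEDIATE]: does a client trusting only ANCHOR accept CERT?
chain_ok() {
    openssl verify -CAfile "$D/$1.crt" ${3:+-untrusted "$D/$3.crt"} "$D/$2.crt" >/dev/null 2>&1
}
# Case 1: the server's self-signed cert is itself the clients' trust anchor,
# so the key on the server can sign for any other name. Returns 0 = accepted.
scenario_selfsigned() {
    selfsign selfsigned.example.test || return 99
    issue selfsigned.example.test other.example.test || return 97
    chain_ok selfsigned.example.test other.example.test
}
# Case 2: CA key never on the server; the server holds only a CA:FALSE leaf.
# Returns non-zero = certificate signed with the server key is rejected.
scenario_separate_ca() {
    selfsign demo-root-ca && issue demo-root-ca www.example.test || return 99
    chain_ok demo-root-ca www.example.test || return 98   # real cert must verify
    issue www.example.test other.example.test || return 97
    chain_ok demo-root-ca other.example.test www.example.test
}
scenario_selfsigned && echo "self-signed anchor: other-name cert ACCEPTED"
scenario_separate_ca || echo "separate CA: other-name cert REJECTED (rc=$?)"
```

Return codes 97 to 99 mean the demo setup itself failed; any other non-zero value from `scenario_separate_ca` is the exit status of `openssl verify` rejecting the chain.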



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org