[clue-admin] Cert for TLS.
David L. Anselmi
anselmi at anselmi.us
Sat Jul 8 18:48:21 MDT 2006
Jeff Cann wrote:
[...]
> I'm not sure if we need a valid cert. It's funny to me that Dave
> suggested it because a few years ago, when I last suggested it, it was
> *Dave* who thought it wasn't necessary. :) Too bad we lost the
> archives as evidence. Dang it!

Well, you might be right. I would guess that I argued against buying a
cert rather than signing our own.

By valid I mean a server cert with a CN that matches our server's name.
Not necessarily one that is signed by someone most browsers "trust".

We don't need a valid cert, just one that is unique. That's the way SSH
does it (actually SSH uses public keys, not certs). But SSH is built to
verify the server's key hasn't changed from what you accepted. With an
incorrect CN, web browsers will complain and they don't make it as easy
to verify the key as SSH does.

At the moment I don't care that much which path we take (even leaving
the bogus cert in place). But I'd like us to understand the rationale
for the decision. Unless we have someone who wants to learn to manage
our PKI, buying a cert may be worth the price in reduced effort. But
that gives us less flexibility to manage the CA in a way that is
reliable in the face of volunteer officers becoming unavailable.

Dave