Old topic ssl private key with passphrase
B.R.
reallfqq-nginx at yahoo.fr
Wed Apr 23 21:03:41 UTC 2014
Igor and Maxim positions, I suppose, are based on the fact that, unless
using an external system to authenticate the user of a certificate, storing
both certificate + passphrase on thel same system, accessed by the same
user (the one running nginx which loads the certificate and needs to
decrypt it) has the same level of security that dealing with an unencrypted
certificate and provide a false sense of securilty.
Isolation of independent parts of a security system is a very basic notion
of security based on common sense. The standards you quote are based on
those.
---
*B. R.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140423/f0a07005/attachment.html>
More information about the nginx
mailing list