
RE: [cobalt-users] purchasing a secure certificate from Thawte



> Should I just press on with the instructions from the RaQ's
> user manual or should I be more concerned about finding and
> backing up my private key?  Is it secure enough in the
> default location?

[soapbox on]

Hmm... this is your private half of the security mechanism
that will protect most, if not all, your valuable and
confidential communications with the outside world. If you lose
this or mishandle it, you will have to go to some amount of
work to recover it. If someone steals it, you may lose a
substantial amount of money or data, or both.

You're not sure where it is stored. You don't actually have
a copy in that you don't have a copy *where you know you can
get at it*. You have no way of finding and/or recovering that
little bit of data if your hard disk goes south. And you'll
have Hell's own time decrypting your own data if you don't
have that private key.

As Brent said, the prospect is not to instill fear...
Nevertheless, anytime your security is concerned (yours, your
data's, your customers', your customers' data, any or all of
the above), always be paranoid. Always be concerned. And
never have blind faith in anything, especially anything of
whose internal workings you aren't 100% cognizant. I recall
a thread recently of some Cobalt equipment storing the root
password in a clear-text (world-readable) file in an open
(world-readable) directory. Mmm... is that the sound of
security frying I hear? (Check the archives; I'm *not*
kidding.)

Find the key. Back it up. Secure it as best you can.
Understand how it is stored, where, and how. Figure out what
someone would have to do to hack it or get at it, then try
to protect against that eventuality. *Then* press on with
the instructions.

[soapbox off]

I mean you no offense, Brian; I hope you realize that. I
am only trying to EMPHATICALLY make the point that your
server's security is of paramount importance, and that
the one cardinal sin in security of any type is to show
unwarranted trust. Matter of fact, some would say that
the only mistake is to show *any* trust, period. But
we're only paranoid around here, not psychotic. :)

Hope I convinced you to take that key very seriously...

------
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx
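The "find it, check who can read it, back it up, confirm it is really the key" routine that Rodolfo is urging, as an added example that is not part of this thread and not Cobalt/RaQ code. It assumes a POSIX shell with find, cp, cmp and ls; openssl is optional and only used for the key/certificate match check. The function names (key_perm_ok, backup_key, key_matches_cert) and the argument layout are my own.

```shell
#!/bin/sh
# Hypothetical helper (added example, not from the RaQ manual or Cobalt):
# audit a TLS private key's permissions, take a 0600 backup, and check
# that the key really belongs to the certificate you are about to install.

# key_perm_ok KEYFILE
# Returns 0 if only the owner can read the key, 1 if it is group- or
# world-readable (or missing). A world-readable containing directory is
# reported as a warning only, since that alone does not expose the key.
key_perm_ok() {
    key="$1"
    dir=$(dirname "$key")
    [ -f "$key" ] || { echo "no such key file: $key" >&2; return 1; }
    status=0
    if find "$key" -perm -004 | grep -q .; then
        echo "WARNING: $key is world-readable" >&2; status=1
    fi
    if find "$key" -perm -040 | grep -q .; then
        echo "WARNING: $key is group-readable" >&2; status=1
    fi
    # -prune stops find from descending; we only want the directory itself.
    if find "$dir" -prune -perm -004 | grep -q .; then
        echo "note: directory $dir is world-readable" >&2
    fi
    return "$status"
}

# backup_key KEYFILE DEST
# Copies the key with a restrictive umask, forces mode 0600 on the copy
# (umask does not apply if DEST already existed), and verifies the copy.
backup_key() {
    src="$1"; dst="$2"
    (umask 077 && cp "$src" "$dst") || return 1
    chmod 600 "$dst" || return 1
    cmp -s "$src" "$dst"
}

# key_matches_cert KEYFILE CERTFILE
# Compares the RSA modulus of the key and certificate. Returns 0 on a
# match, 1 on mismatch or unreadable input, 2 if openssl is not installed.
# An encrypted key will make openssl prompt for its passphrase.
key_matches_cert() {
    command -v openssl >/dev/null 2>&1 || return 2
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage: sh audit_key.sh /path/to/server.key /backup/server.key [/path/to/server.crt]
if [ "$#" -ge 2 ]; then
    key_perm_ok "$1"
    backup_key "$1" "$2" && echo "backup written to $2 (mode 0600)"
    if [ "$#" -ge 3 ]; then
        key_matches_cert "$1" "$3" && echo "key matches certificate $3"
    fi
fi
```

The backup destination should be something you can actually get at when the disk dies: removable media or another host, not the same filesystem. If the backup leaves the machine, encrypt it first (for example with gpg or openssl enc) so that losing the medium is not the same as losing the key.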