[systemd-devel] SSL for gatewayd

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Thu Jan 10 04:54:57 PST 2013


On Thu, Jan 10, 2013 at 09:59:59AM +0200, Oleksii Shevchuk wrote:
> > But for the normal
> > use case, where you just want to browse messages from one computer
> > and another computer under your control
> 
> In this situation a CA shouldn't be used. An SSH-like scheme (without a third party) is
> OK for this use case. Or maybe SASL authentication + TLS/brokenPKI combo
> should be used.. 

Right now I generate a CA certificate, then client and server certificates,
and then use the first one to sign the second and the third. Then I launch
the server with the server certificate, and tell it to trust the CA, and e.g.
install the client certificate in Firefox. Then browse messages.
Or specify the client certificate as an option to each wget or curl invocation.

Can you say how things would work in your scheme? 

Zbyszek

> > this is overkill
> 
> This is the service, which accepts incoming connections, and gives
> access to sensitive data, anyway.
> 
> // IMO, surely
> // wbr, Alex
> 
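
The certificate workflow described in this message (one CA signing a server and a client certificate), as an added example that is not part of the original post and not systemd code. The names demo-ca, gateway.example and journal-reader are constructed, and restricting each certificate to one role with extendedKeyUsage is an assumption that goes beyond what the message says.

```shell
#!/bin/sh
# Added example. demo-ca, gateway.example and journal-reader are constructed names.

# Create a CA, then a server and a client certificate signed by it, in directory $1.
make_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    # The CA certificate is self-signed; its key signs the other two.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
        -keyout ca.key -out ca.pem 2>/dev/null || exit 1
    # Assumption beyond the message: pin each certificate to a single role.
    printf 'extendedKeyUsage=serverAuth\nsubjectAltName=DNS:gateway.example\n' > server.ext
    printf 'extendedKeyUsage=clientAuth\n' > client.ext
    for role in server client; do
        cn=gateway.example
        [ "$role" = client ] && cn=journal-reader
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$role.key" -out "$role.csr" 2>/dev/null || exit 1
        openssl x509 -req -in "$role.csr" -CA ca.pem -CAkey ca.key \
            -CAcreateserial -days 30 -extfile "$role.ext" \
            -out "$role.pem" 2>/dev/null || exit 1
    done
)

# Succeed only if $1/$2.pem chains to the CA and is valid for purpose $3
# (sslserver or sslclient). This mirrors what "trust the CA" means for a peer.
cert_ok() {
    openssl verify -CAfile "$1/ca.pem" -purpose "$3" "$1/$2.pem" >/dev/null 2>&1
}

# Stand-alone demonstration in a throwaway directory.
demo=$(mktemp -d)
make_pki "$demo"
cert_ok "$demo" server sslserver && echo "server cert: accepted as TLS server"
cert_ok "$demo" client sslclient && echo "client cert: accepted as TLS client"
cert_ok "$demo" client sslserver || echo "client cert: rejected as TLS server"
rm -rf "$demo"
```

The last check shows why the role restriction matters: a stolen client certificate cannot be used to impersonate the server, even though the same CA signed both.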

