On Mon, Jul 24, 2006 at 07:06:40PM +0200, Joachim Selke wrote:
> (5) No application should come with "default" or "example" certificates
> contained in its RPM, because certificates should be created by the
> admin for security reasons. To support this, applications may include a
> config file for openssl, that is stored in /etc/pki/$appname.
>
> Any comments on this?

Yes. I would like to point out that this rule would leave the default installs of imap/pop/whatever servers either incapable of encryption or completely useless, whichever you prefer.

With default certificates, you should be able to do the "leap of faith" style authentication: your mail/web/etc client stores the certificate and alerts you if things go wrong with it. It seems to work fine for ssh (although tls clients could be a bit more intelligent in this regard).

I would assert that leap-of-faith (or even completely without server authentication) tls is a better solution than completely open communication. So generating a self-signed certificate (if none exists for the server) in %post scriptlet is IMO a good thing. The admin will very quickly find out that the service uses a self-signed, default cert if he tests it at all (so they can be either content with that or generate a different certificate or use one from a CA or disable tls or whatever). And if they never even test it, how do you expect them to generate certificates :-).

Also note that certificates are never shipped inside an RPM, that would not make any sense -- the certificate needs to be unique in each installation.

Yours, Peter.

--
Peter Rockai | me()mornfall!net | prockai()redhat!com
http://blog.mornfall.net | http://web.mornfall.net

"In My Egotistical Opinion, most people's C programs should be indented
six feet downward and covered with dirt."
   -- Blair P. Houghton on the subject of C program indentation

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list