On Thursday 24 August 2006 23:23, Bruno Wolff III wrote: > On Thu, Aug 24, 2006 at 12:58:24 -0700, > > Chris Weyl <cweyl@xxxxxxxxxxxxxxx> wrote: > > Is there a procedure in place to deal with lost, possibly compromised > > SSL certs? > > > > For the record, I have no reason to suspect mine has been, but I'm > > curious as to how we'd deal with it :) > > Doing nothing is probably your first choice. The cert will still keep > visitors from getting scary popups they don't understand. Trying to revoke > the cert won't work very well (unless you control the browsers of your > visitors) and won't prevent any likely attacks. I have a strong feeling that Chris aimed at the ~/.fedora.cert, i.e. the ssl certificate for the build system. And if not, what if he did? Would it be enough to request a new certificate to make the old one useless? Regards, Till
Attachment:
pgpTJoe4lAiMD.pgp
Description: PGP signature
-- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
