Re: Role Separation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 9/15/2019 8:29 AM, Kyle Hamilton wrote:
OpenSSL is a toolkit, not a full implementation.  More importantly, it is a library, so anyone who can link against it can perform all operations that the library can support, and the library has no concept of role separation built in.

Still more importantly, almost everything OpenSSL does is just math and file manipulation.  S_client and s_server add basic network operations.  There's probably some low-level goop for hardware acceleration, but that's just acceleration.

You can write a program to do those things without needing to involve OpenSSL, so restrictions on OpenSSL per se aren't very interesting.

The way to restrict PKI operations (in a simple configuration) is through file and directory permissions on the data involved.
-- 
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux