Re: Best Practices for private key files handling

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/18/22 06:09, Philip Prindeville wrote:
On Sep 15, 2022, at 4:27 PM, Michael Wojcik via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
You still haven't explained your threat model, or what mitigation
the application can take if this requirement is violated, or why
you think this is a "best practice". >
The threat model is impersonation, where the legitimate key has been
replaced by someone else's key, and the ensuing communication is
neither authentic nor private.

Maybe I'm ignorant but shouldn't this be prevented by ensuring the authenticity and correct identity mapping of the public key?

More information is needed about how you're system is working to comment on this.

Ciao, Michael.




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux