[ale] SSL Certs for $14.95

Michael H. Warfield mhw at WittsEnd.com
Thu Apr 6 11:15:52 EDT 2006


On Thu, 2006-04-06 at 09:15 -0400, Christopher Fowler wrote:
> On Wed, 2006-04-05 at 23:15, Michael H. Warfield wrote:

> > 	Does each of these embedded devices have its own unique certificate 

> They generate their own and store them in a different part of flash. 
> They are then copied from flash and placed on the file system at run
> time.  

> In flash they are summed and Blowfish encrypted.  If one bit is off the
> device generates a new certificate.  Same with SSH keys and config.

	Then the entire issue of "get a cert" for you is moot since you have to
generate unique, self-signed certs each time.

	The only time a CA signed cert comes into play in this scenario is when
someone installs a cert onto a system at which time they can match up
name and cert, however appropriate.  Assuming they control their own
domain (as opposed to reverse DNS, which is not relevant to certificate
validation), it's up to them how that is managed and named.

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
