[Info-vax] Some of what I'm reading...
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon May 21 11:53:24 EDT 2018
On 2018-05-21 12:45:29 +0000, John E. Malmberg said:
> On 5/21/2018 5:58 AM, Arne Vajhøj wrote:
>> On 5/20/2018 11:57 PM, John E. Malmberg wrote:
>>> On 5/20/2018 7:36 PM, Arne Vajhøj wrote:
>> I think vendor supplied CA certificates is mostly a browser thing.
> Not just browsers. It is used for Java, curl, wget, and any
> application that uses OpenSSL directly or indirectly through libcurl,
> like git, pypi, etc.
Correct. It's anything that needs a secure connection, and servers
need more than a few secure connections. It's less than desirable to
have critical security data scattered haphazardly around the file
system by OpenVMS and languages and apps, and with no set protections
and no set encryption and no set APIs for that data, and with no means
for updates beyond entirely manual and site-specific processes. That's
just a recipe for security problems.
This is part of where getting the security data identified and better
isolated and protected, and where related work such as the wholesale
integration with LDAP can help.
There's also that servers increasingly use HTTPS for server-to-server
communications. Those "browser things" are increasingly also "server
things".
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list