Re: what to do in case of a compromised SSL cert?



On Thursday 24 August 2006 23:23, Bruno Wolff III wrote:
> On Thu, Aug 24, 2006 at 12:58:24 -0700, Chris Weyl <cweyl alumni drew edu> wrote:
> > Is there a procedure in place to deal with lost, possibly compromised
> > SSL certs?
> >
> > For the record, I have no reason to suspect mine has been, but I'm
> > curious as to how we'd deal with it :)
>
> Doing nothing is probably your first choice. The cert will still keep
> visitors from getting scary popups they don't understand. Trying to revoke
> the cert won't work very well (unless you control the browsers of your
> visitors) and won't prevent any likely attacks.

I have a strong feeling that Chris aimed at the ~/.fedora.cert, i.e. the SSL
certificate for the build system. And if not, what if he did? Would it be
enough to request a new certificate to make the old one useless?

Regards,
Till
