
Re: [PATCH] Cache ssl client certificate passphrases

From: Mark Phippard <markphip_at_gmail.com>
Date: Fri, 9 May 2008 21:09:15 -0400

On Fri, May 9, 2008 at 8:29 PM, Branko Čibej <brane_at_xbc.nu> wrote:
> Mark Phippard wrote:
>>
>> Why would you object to
>> moving this into our password storage area, which on Windows and OSX
>> is very secure?
>
> Tut, tut. Read the patch again. It doesn't try to integrate with the
> Keychain/CryptAPI stores -- likely because they're too specific to the
> password rather than passphrase workflow.

Thank you! Finally, someone has identified the disconnect here. I
agree if it is storing a plain text passphrase, this has a lot less
value. When I asked Senthil to work on this patch, the whole point
was to leverage this encryption. So it sounds like we need to go back
and look at this more. That must have also been the API suggestion
you made in your initial comment.

Before we do that, it would be good to get acknowledgment from Joe and
anyone else that was against this patch to see if they would be in
favor of it if it was using our crypto facilities to store the
passphrase.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2008-05-10 03:09:30 CEST

This is an archived mail posted to the Subversion Dev mailing list.
