Re: [exim] Exim SSL/TLS certificate key file permissions/pas…

Pàgina inicial
Delete this message
Reply to this message
Autor: Jan Ingvoldstad
Data:  
A: Exim-users
Assumpte: Re: [exim] Exim SSL/TLS certificate key file permissions/password?
On Tue, Sep 10, 2013 at 8:20 PM, Adam Spragg <adam@???> wrote:

> Hi,
>
> On 2013-09-10 08:30, Jan Ingvoldstad wrote:
> > On Tue, Sep 10, 2013 at 2:18 AM, Adam Spragg <adam@???> wrote:
> >
> > > I'm not happy having an unprotected private key lying about anywhere,
> even
> > > if
> > > its permissions were 0400 - let alone 0440 as Exim requires.
> > >
> >
> > Then why are you happy about entering the password in a command line
> prompt?
> >
> > In other words, if you don't trust your system's integrity, why do you
> > trust your system's integrity?
>
> I trust my system's integrity *now*. But, these things called 0-day
> exploits
> exist. I admit the possiblity that my system might be compromised in the
> future. That's why I also run chkrootkit and tiger on a regular basis,
> among
> other integrity checkers.
>


I think you missed the point.

A system may be compromised at a time and in a manner that is not
convenient to you, and you will not likely discover that it is compromised
until after the fact.

That is the most likely scenario.

So if the assumption is that your system may be compromised in the future,
how can you trust that the password you entered is not also compromised?

The answer is that you cannot.

I'm skipping the unnecessary sarcasm.

> I think it's important to consider what it is that you're securing, and
> why.
>
> My system, because it's valuable to me. My keys are valuable; it costs
> money
> to get them signed.



That is so only because you choose to pay to have your keys signed, and how
you choose to spend your money is your business.


> If my system is compromised, but I can be reasonably sure
> that my private keys are OK, then on top of all the other cleanup I have to
> do, I don't have to revoke the old keys, generate new ones, and pay to get
> the
> new ones signed. I can just restore the existing keys from secure offline
> backups and go again.
>


As you preach about "security in depth", you should also follow sound
security practice, and do these things anyway.


> That's certainly up for discussion. You might be right. Maybe, maybe not.
> You've not convinced me yet though.
>


Luckily, I don't need to convince you.

It is you who need to convince other people, people who spend their good
spare time implementing software for you.

So that quip you had about the Apache patch was way off the mark.

For the record, I'm not one of the people you need to convince.
--
Jan