cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
- From: Jan Dittberner <jandd AT cacert.org>
- To: Daniel Black <daniel AT cacert.org>
- Cc: cacert-sysadm AT lists.cacert.org
- Subject: Re: Apache / Debain packaging / SSL Regnegiotation
- Date: Fri, 26 Mar 2010 09:07:26 +0100
On Fri, Mar 26, 2010 at 02:30:24PM +1100, Daniel Black wrote:
> I need some help. With the of browsers to fix the CVE-2009-3555 and Safari
> abnormal responses to optional client certificate authentication is seems
> the
> approach is to move from Directory/Location based certificate
> authentication
> to domain based certificate authentication[1]. There are two ways to
> achieve
> this:
> 1. SNI
> 2. An IP separated domains like typical SSL services
...
<jandd AT debian.org
hat on>
> So my question is - how to go for Bern infrastructure?
> 1. squeeze
Don't bet on Squeeze yet, we are not even in freeze.
> 2. lenny and create/maintain backported apache2
I will try how much has to be changed in the package to backport the squeeze
version. If there is not too much effort necessary to maintain a backport we
could go this way. I suggest to use the official backports.org infrastructure
then.
</jandd AT debian.org
hat on>
> 3. more IPs
we should have at least some spare IPs, but I (and others like IanG) would
like
to implement SNI.
> 4. something else?
Who will create the certficates/keys for all of these hostnames?
Regards
Jan
--
Jan Dittberner - CAcert Infrastructure Team
GPG-key: 4096R/558FB8DD 2009-05-10
B2FF 1D95 CE8F 7A22 DF4C F09B A73E 0055 558F B8DD
http://www.dittberner.info/
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
- Apache / Debain packaging / SSL Regnegiotation, Daniel Black, 03/26/2010
- Re: Apache / Debain packaging / SSL Regnegiotation, Jan Dittberner, 03/26/2010
- Re: Apache / Debain packaging / SSL Regnegiotation, Daniel Black, 03/26/2010
- Re: Apache / Debain packaging / SSL Regnegiotation, Ian G, 03/26/2010
- Re: Apache / Debain packaging / SSL Regnegiotation, Jan Dittberner, 03/26/2010
Archive powered by MHonArc 2.6.16.