WebApp Sec mailing list archives
RE: key storage
From: Frank Knobbe <frank () knobbe us>
Date: Sat, 04 Sep 2004 13:53:56 -0500
On Fri, 2004-09-03 at 08:48, Mark Curphey wrote:
> The one exception is SSL / TLS where the aim should be to offload it where the transport terminates i.e. in the dmz.

And the really paranoid can offload it in such a fashion that the SSL keys are not available to intruders (i.e. into the web server). If you offload the storage of the SSL keys to a device inaccessible to an attacker (i.e. load-balancer), you eliminated the key compromise altogether. Shops with SSL terminating load-balancers (for intrusion detection reasons) already take advantage of that... although they are mostly unaware of that :)

Cheers,
Frank