WebApp Sec mailing list archives

RE: key storage


From: Frank Knobbe <frank () knobbe us>
Date: Sat, 04 Sep 2004 13:53:56 -0500

On Fri, 2004-09-03 at 08:48, Mark Curphey wrote:
> The one exception is SSL / TLS where the aim should be to offload it where
> the transport terminates i.e. in the dmz.

And the really paranoid can offload it in such a fashion that the SSL
keys are not available to intruders (i.e. into the web server). If you
offload the storage of the SSL keys to a device inaccessible to an
attacker (i.e. load-balancer), you have eliminated the key compromise
altogether.

Shops with SSL terminating load-balancers (for intrusion detection
reasons) already take advantage of that... although they are mostly
unaware of that :)

Cheers,
Frank
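The arrangement Frank describes, written out as an added HAProxy configuration example (not from the thread or from any product named in it): the load-balancer holds the certificate and private key and terminates TLS, while the web servers in the DMZ only ever see plain HTTP and never hold key material. Hostnames, addresses and the key path are assumed for illustration.

```haproxy
# Added example: TLS terminates on the load-balancer; the web servers
# behind it hold no certificate or private key at all.
global
    # Private key lives only on this host, readable only by the haproxy user.
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
    ssl-default-bind-ciphers ECDHE+AESGCM:ECDHE+CHACHA20

defaults
    mode    http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_in
    # /etc/haproxy/certs/example.pem is an assumed path: cert + key, on the LB only.
    bind *:443 ssl crt /etc/haproxy/certs/example.pem
    # Tell the backend the original request was TLS, so the app can
    # set Secure cookies without ever touching the key itself.
    http-request set-header X-Forwarded-Proto https
    default_backend dmz_web

backend dmz_web
    balance roundrobin
    # Backends are plain HTTP (assumed addresses); a compromise of a web
    # server exposes no TLS private key because none is stored there.
    server web1 10.0.1.11:80 check
    server web2 10.0.1.12:80 check
```

A quick check that the web tier really holds nothing sensitive: search the web servers for files with PEM private-key headers (`grep -rl "PRIVATE KEY" /etc /var/www`); on a correctly offloaded host this returns nothing.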


