being picky about documentation...

From: Steve Wray
Subject: being picky about documentation...
Date: Tue, 09 Aug 2005 12:18:50 +1200
User-agent: Mozilla Thunderbird 0.9 (X11/20041103)

One of our resident pedants pulled us up on this, saying that if the
cfengine people don't understand SSL properly, how can we know that it's
secure? (or words to that effect).

In: (and IIRC I've seen
this comment elsewhere)

It says:
"SSL is not appropriate for a system administration tool, because it
uses a trust model based on a third party, such as Verisign. Most
administrators are not prepared to pay a fee to register every host on
their network, with a trusted third party."

Which is not exactly accurate.

You can act as your own CA, there's no need to involve a third party.

We use x509 certificates for VPNs, for example, using self-signed

True, the SSL model of trust isn't entirely appropriate for the way that
cfengine operates, but not because it involves a third party. Rather
because it's unnecessarily complex for the job.

"Politics is the art of looking for trouble, finding it, misdiagnosing
it, and then misapplying the wrong remedies." - Groucho Marx
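
Added example, not part of the original message or of cfengine: a sketch of the "act as your own CA" point using the openssl command line, in which a site-held self-signed root is the only trust anchor and a host certificate verifies against it and not against any other root. The names example-internal-ca and host1.example.internal, the key sizes and the lifetimes are constructed assumptions.

```shell
#!/bin/sh
# Private CA with no external third party. All subject names are constructed.

# Create a scratch directory holding a self-signed root and one host
# certificate signed by it; print the directory path on stdout.
make_private_ca() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # 1. Self-signed root: the site's own trust anchor.
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=example-internal-ca" \
            -keyout ca.key -out ca.crt >/dev/null 2>&1 || exit 1
        # 2. Host key pair and certificate signing request.
        openssl req -newkey rsa:2048 -nodes \
            -subj "/CN=host1.example.internal" \
            -keyout host.key -out host.csr >/dev/null 2>&1 || exit 1
        # 3. The root signs the request; no outside party sees anything.
        openssl x509 -req -in host.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 90 -out host.crt >/dev/null 2>&1 || exit 1
        # Private keys readable by the owner only.
        chmod 600 ca.key host.key
    ) || return 1
    echo "$dir"
}

# Succeed only if certificate $2 chains to trust anchor $1.
# The ": OK" line is checked rather than the exit status, which was
# unreliable in some old openssl releases.
verify_with_anchor() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Demo run: issue, verify, clean up the scratch keys.
if demo=$(make_private_ca); then
    verify_with_anchor "$demo/ca.crt" "$demo/host.crt" \
        && echo "host1 verifies against the site's own CA"
    rm -rf "$demo"
fi
```

Distributing ca.crt to the peers and keeping ca.key offline is what replaces the third party in this model.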

