hello everyone,
I've got this itch on my brain that maybe someone can explain:
Why does the postfix ebuild include server certificates (other than CA root
certificates)? There is a private key, a certificate signing request, a signed
certificate...
[code]
pjlv archon $ qpkg -l postfix | grep /etc/ssl/postfix
/etc/ssl/postfix
/etc/ssl/postfix/server.crt
/etc/ssl/postfix/server.csr
/etc/ssl/postfix/server.key
/etc/ssl/postfix/server.pem
pjlv archon $
[/code]
the problems I see are:
1. It's annoying: every time you update postfix it tries to replace your
certificates with its own (etc-update/dispatch-conf). If you're not careful,
you might end up with replaced PUBLIC private key/certificate.
2. It's a security risk for the unaware. If someone uses (and I'm sure many
people do) those certificates, then everyone with a postfix server can
successfully attack such encrypted connections... everybody's got their private
key, certificate, etc.
I'm sure there are more problems...
Is there a good reason for the ebuild to include default certificates?
[this is also posted on the gentoo forum:
http://forums.gentoo.org/viewtopic.php?p=1897167#1897167]
regards,
pedro venda.
--
Pedro João Lopes Venda
email: pjlv@mega.ist.utl.pt
http://arrakis.dhis.org
--
gentoo-security@gentoo.org mailing list
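
A way to check for the second problem above on an installed system, as an added example that is not part of the original message or of the ebuild: it lists the files under /etc/ssl/postfix that are still byte-identical to what the package installed. It assumes Portage's CONTENTS format ("obj <path> <md5> <mtime>"); the function name and the ROOT argument are hypothetical.

```shell
#!/bin/sh
# Added example: report packaged files under /etc/ssl/postfix that were never
# replaced locally, i.e. key material that every other install also has.
# Assumption: Portage records installed files in a CONTENTS file with lines of
# the form "obj <path> <md5> <mtime>".

# shipped_tls_files CONTENTS_FILE [ROOT]
# Prints one path per line for each packaged file under /etc/ssl/postfix whose
# on-disk MD5 equals the MD5 recorded at install time. ROOT is a hypothetical
# prefix for checking a scratch or mounted tree (default: the live system).
shipped_tls_files() {
    contents=$1
    root=${2:-}
    grep '^obj /etc/ssl/postfix/' "$contents" | while read -r _type rest; do
        # The last two fields are md5 and mtime; the path may contain spaces.
        rest=${rest% *}      # drop mtime
        want=${rest##* }     # recorded md5
        path=${rest% *}      # everything before the md5
        # A file that was deleted locally cannot be in use; skip it.
        [ -f "$root$path" ] || continue
        have=$(md5sum "$root$path" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Stand-alone use: pass the CONTENTS file of the installed postfix package.
if [ "$#" -gt 0 ]; then
    shipped_tls_files "$@"
fi
```

Any path it prints is still the packaged file; if Postfix is configured to use it, generate a fresh key and certificate before enabling TLS.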