httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: cvs commit: httpd-2.0 CHANGES
Date Wed, 27 Feb 2002 22:40:49 GMT
At 03:33 PM 2/27/2002, Cliff Woolley wrote:
>On 27 Feb 2002 wrowe@apache.org wrote:
>
> >   +  *) Introduce PassPhraseDialog "|/path/to/pipe" mechanism to mod_ssl.
> >   +     This pipe must be a bidirectional 'console' style relay, which
> >   +     mod_perl prints all prompts to the pipe's stdin, and reads the
> >   +     passphrases from the pipe's stdout.  [William Rowe]
>
>I don't have a problem with this change in and of itself, but we need to
>be careful to emphasize to our users how little good a passphrase will do
>you.  It does even less good when the input is piped in from a program
>that is unsuitably protected.

Agreed.  I'm not even aware of the current state of mod_ssl docs, I will add
an aside that there are security considerations to the implementation of
any passphrase method, when I figure out where it resides.  If someone
wanted to write a short summary of the vulnerabilities and how to properly
protect the chain from snooping and attack, then great.  I'd be happy to
review that doc and add my 2c(US).

On Win32, we have no choice.  Either this was a hardcoded invocation of
a dialog app that could 'break through' the wall of the service control layer,
or we simply allow them to deploy any app for that purpose, with an eye
on wintty for win32 services.

>We have countless debates about this on the mod_ssl users list--some
>people think passphrases are good, many of us think they just lead to a
>false sense of security.  All I'm suggesting here is that we should
>document all the pros and cons somewhere better than what we have now.

:-)



Mime
View raw message