httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: pgp trust for https?
Date Wed, 09 Nov 2005 18:14:43 GMT

In a message dated 11/9/2005 4:12:50 PM Central Standard Time, writes:

> Bill wrote...
> So rather than spin off-topic threads, where's the discussion of taking
> something that exists, such as se-linux, and actually leveraging security
> features of more evolved security architectures?  That's when things come
> back on-topic here.

Well... before you jumped in... I think we were just about to get there.

We were just starting to discuss the 'more evolved security architectures'
and how they can improve the chain of trust, etc... and how that might
come into play for the lads discussing the ( Thread title ) "pgp trust for 

I am not affiliated with any company that directly manufactures or
ships Itanium products... but I happen to have 2 or 3 of the beasties
here and Peter is right... the answers to most people's well-worn
arguments about how you can't secure an OS are now laying right
on the coffee table ( once the solve the over-heating problems, LOL ).

There are parts of every server ( httpd included ) that should ONLY
run in the (new) protected IA64 'container' spaces. It's a given 
and it's inevitable.

> The httpd's security isn't off topic, I'll agree.  Debating or promoting
> different ring and kernel architectures is off topic, though, when you
> aren't applying them to an operating system that httpd can run on.  

httpd runs fine on Itanium... it just hasn't even begun to take advantage
of the new architecture, that's all... and that's all I saw Peter throwing
out to the thread. It could... and it might represent some solutions
for the lads who started the thread.

> Of course anyone is welcome to take the httpd code off to their own project
> to develop embedded httpd in a truly secure environment.

Been there, done that.

It's interesting to discover the real success of APR when you
remove the operating system altogether and discover that Apache
is now so good at not caring what the OS really is that it doesn't
care much, either, when there is no OS at all.


View raw message