Best Practices for private key files handling
Michael Ströder
michael at stroeder.com
Sun Sep 18 10:26:30 UTC 2022
On 9/18/22 06:09, Philip Prindeville wrote:
>> On Sep 15, 2022, at 4:27 PM, Michael Wojcik via openssl-users <openssl-users at openssl.org> wrote:
>> You still haven't explained your threat model, or what mitigation
>> the application can take if this requirement is violated, or why
>> you think this is a "best practice".
>
> The threat model is impersonation, where the legitimate key has been
> replaced by someone else's key, and the ensuing communication is
> neither authentic nor private.
Maybe I'm ignorant but shouldn't this be prevented by ensuring the
authenticity and correct identity mapping of the public key?
More information is needed about how your system is working to comment
on this.
Ciao, Michael.