That's an interesting suggestion - thank you, that sounds reasonable. I'm using 
orchestration anyways, so this should be easily scriptable.

Regards,
Lenz

On 22.07.2015 at 14:21, Sam Varshavchik wrote:
> Sam Varshavchik writes:
>
>> Lenz Weber writes:
>>
>>> Hi,
>>> sorry, but I have not found any documentation on this:
>>>
>>> I see that I can add a CA certificate to TLS_TRUSTCERTS and then set
>>> TLS_VERIFYPEER to PEER to enable certificate authentication.
>>>
>>> But with just that setup, if one client key is compromised, I have to
>>> change the complete CA. Is there a way to revoke a single certificate?
>>
>> Nope. There is no support for revocation lists at this time.
>
> Note, though, that you can achieve pretty much the same thing via 
> authentication.
>
> Client certificates work by having the code fish out the emailAddress 
> attribute from the client's certificate and using it to log in. So, to 
> effectively revoke the certificate, remove the login, and create another one, 
> with a new certificate.
>
> Even with /etc/passwd, you can have two entries in /etc/passwd with different 
> login names, but same userid, groupid, and home directory. One is the public 
> email address, the second one is for logging in. To effectively revoke a 
> cert, the second one is removed, and replaced.
>
> So, one would have <[email protected]> as their public email address, and 
> their certificate reads <[email protected]>, which logs into this mailbox. 
> Left to its own devices, mail to either address would end up in the same 
> mailbox, but so what. To "remove" the certificate, the <[email protected]> 
> login gets deleted, and replaced with <[email protected]>; the public email 
> address is unaffected.
>
>
> ------------------------------------------------------------------------------
> Don't Limit Your Business. Reach for the Cloud.
> GigeNET's Cloud Solutions provide you with the tools and support that
> you need to offload your IT needs and focus on growing your business.
> Configured For All Businesses. Start Your Cloud Today.
> https://www.gigenetcloud.com/
>
>
> _______________________________________________
> Courier-imap mailing list
> [email protected]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap

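
The login swap described in the quoted reply, as an added example that is not part of the original thread and not Courier's own code. It works on passwd-format text in memory; the sample names, ids and paths are constructed, and it assumes the certificate's emailAddress value is used verbatim as the login name.

```python
# Constructed sample in /etc/passwd format; every name, id and path is invented.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/sh\n"
    "alice@example.com:x:5001:5001:Alice:/var/mail/alice:/usr/sbin/nologin\n"
    "alice-cert1@example.com:x:5001:5001:Alice:/var/mail/alice:/usr/sbin/nologin\n"
    "bob@example.com:x:5002:5002:Bob:/var/mail/bob:/usr/sbin/nologin\n"
)

def parse(text):
    """Split passwd-format text into 7-field entries, rejecting malformed lines."""
    entries = [line.split(":") for line in text.splitlines() if line.strip()]
    for fields in entries:
        if len(fields) != 7:
            raise ValueError("malformed passwd line: %r" % ":".join(fields))
    return entries

def mailbox_key(fields):
    """uid, gid and home directory: what the two entries must share."""
    return (fields[2], fields[3], fields[5])

def logins_for_mailbox(text, public):
    """Every login name that resolves to the same mailbox as `public`."""
    entries = parse(text)
    key = next(mailbox_key(f) for f in entries if f[0] == public)
    return [f[0] for f in entries if mailbox_key(f) == key]

def rotate_cert_login(text, public, old_login, new_login):
    """Replace old_login with new_login; the public entry is left untouched."""
    entries = parse(text)
    by_name = {f[0]: f for f in entries}
    if public not in by_name or old_login not in by_name:
        raise KeyError("public or old login not present")
    if old_login == public:
        raise ValueError("refusing to remove the public address")
    if not new_login or ":" in new_login or "\n" in new_login:
        raise ValueError("new login would corrupt the passwd format")
    if new_login in by_name:
        raise ValueError("new login already exists")
    if mailbox_key(by_name[old_login]) != mailbox_key(by_name[public]):
        raise ValueError("old login is not an alias of the public mailbox")
    out = []
    for fields in entries:
        if fields[0] == old_login:
            fields = [new_login] + fields[1:]  # same uid, gid, home; new name
        out.append(":".join(fields))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(rotate_cert_login(SAMPLE_PASSWD, "alice@example.com",
                            "alice-cert1@example.com", "alice-cert2@example.com"))
```

Checking `logins_for_mailbox` after each rotation confirms that only the public address and the current certificate login still map to the mailbox.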
