Using a passphrase on your SSL keys should mean that "someone" is
unable to take them and use them elsewhere without your knowledge.
Chances are you'd notice (eventually) if someone with root on your
server was doing bad things, but there's no way you'd notice if they
set up a server using your keys & certs, and redirected clients to it.

Of course, you still have to make sure that you notice that
something's wrong before providing the key passphrase to the
keylogger that someone just installed ;-), but it is an extra layer
of protection, and a deterrent to opportunistic theft of the keys +
certs.

It may not be "likely", but it is perfectly valid.

Cheers,

Nick
--
Nick Phillips / +64 3 479 4195 / [EMAIL PROTECTED]
# these statements are my own, not those of the University of Otago
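
An added example, not part of the original message: a Python check that reports whether the private keys in a PEM file are passphrase-protected, using the standard PEM labels and the legacy `Proc-Type: 4,ENCRYPTED` header. The function name `key_protection` and the sample inputs are constructed for illustration.

```python
import re

# Matches each PEM block and captures its label and body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def key_protection(pem_text):
    """Return [(label, status)] for every private-key block in pem_text."""
    results = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if not label.endswith("PRIVATE KEY"):
            continue                      # certificates, CSRs, DH params, ...
        if label == "ENCRYPTED PRIVATE KEY":
            status = "encrypted"          # PKCS#8 EncryptedPrivateKeyInfo
        elif label == "PRIVATE KEY":
            status = "plaintext"          # PKCS#8, unencrypted
        elif label == "OPENSSH PRIVATE KEY":
            status = "unknown"            # cipher name sits inside the base64
        elif re.search(r"^Proc-Type:\s*4,\s*ENCRYPTED", body, re.M):
            status = "encrypted"          # legacy OpenSSL format with header
        else:
            status = "plaintext"          # legacy format, no encryption header
        results.append((label, status))
    return results

# Constructed samples: "AAAA" stands in for the base64 body (no real keys).
CERT = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
LEGACY_PLAIN = ("-----BEGIN RSA PRIVATE KEY-----\nAAAA\n"
                "-----END RSA PRIVATE KEY-----\n")
SAMPLES = {
    "pkcs8_plain": "-----BEGIN PRIVATE KEY-----\nAAAA\n"
                   "-----END PRIVATE KEY-----\n",
    "pkcs8_enc": "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
                 "-----END ENCRYPTED PRIVATE KEY-----\n",
    "legacy_enc": "-----BEGIN RSA PRIVATE KEY-----\n"
                  "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"
                  "AAAA\n-----END RSA PRIVATE KEY-----\n",
    "legacy_plain": LEGACY_PLAIN,
    "cert_only": CERT,
    "combined": LEGACY_PLAIN + CERT,      # key and cert in one file
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, key_protection(text))
```
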