Nelson B Bolyard wrote: > [...] > What about that problem necessitates the use of PKCS#8? > On what stone is it chiseled that servers must read private keys from > PKCS#8 files every time they start up?
It makes sense to limit the number of formats used, and to say the private key and the cert should be together, but don't say it adds security then. The only difference between an unencrypted pkcs#8 key and a pkcs#12 with a static password or a configuration-file password is the fact that for one of the two it's less obvious that the only layer of security protecting the private key is the security mechanisms of the OS (as well as restricting physical access to the computer). _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
