Mark,

On 2/17/21 12:25, Mark Thomas wrote:
> On 17/02/2021 17:16, Christopher Schultz wrote:
>> Mark,
>>
>> Why not simply mint a self-signed cert that lasts a long time? They are
>> self-signed so global trust isn't important. If global-trust isn't
>> important then it's okay if someone "steals" them any time they like.
>
> Mainly to act as a deterrent to anyone using these certs in any sort of
> production system. Yes, that would be a monumentally bad idea but I
> wouldn't be surprised if it happened.
>
> It is also nice to see things expiring. It reassures me that stuff is
> working as it should :)
>
>> Having to re-generate the certs is just a nuisance and causes
>> revision-churn.
>
> Updating the certs is trivial. Just copy and paste a handful of commands
> in the text file in the PMC repo. Given the ever changing requirements
> of server certs, I don't think the revision churn would be that
> different with longer expiry times.
>
>> I think it would be better to either mint the certs as needed (e.g. in
>> the tests themselves) or just use a cert that lasts a long time (e.g. 30
>> years). Minting on-demand might kill the entropy on the server, so
>> that's not a great idea.
>
> Yeah, creation on demand would be nice but it currently requires OpenSSL
> which isn't guaranteed to be available.

Why not keytool or a "simple" Java driver to do the same?

> The entropy issue is a larger concern.

Yup. Unless we can convince the system to use /dev/urandom for key
generation, which is something we *always* recommend against, and for
good reason.

If we write our own cert-creator, perhaps we can rig it to use an awful
source of entropy so it's nice and fast.

-chris