WebApp Sec mailing list archives

Re: key storage

From: George Capehart <gwc () acm org>
Date: Fri, 3 Sep 2004 11:54:18 -0400

On Friday 03 September 2004 09:48, Mark Curphey allegedly wrote:

Good call sir!


Muchas gracias, senor.


IMHO you should really not do any key crypto in the DMZ (key
generation, storage, validation, rotation etc). By its nature it's a
semi-trusted zone (de-militarized / bastions).

The one exception is SSL / TLS where the aim should be to offload it
where the transport terminates i.e. in the dmz.


Absolutely agreed.

/g

Current thread:

RE: key storage, (continued)
- RE: key storage Brown, James F. (Aug 30)
- RE: key storage Scovetta, Michael V (Aug 31)
- RE: key storage Roman Fail (Aug 31)
  - RE: key storage Ajay (Aug 31)
  - Re: key storage George Capehart (Sep 02)
    - RE: key storage Mark Curphey (Sep 05)
    - RE: key storage Frank Knobbe (Sep 04)
    - RE: key storage Frank Knobbe (Sep 04)
    - Re: key storage George Capehart (Sep 04)
    - Re: key storage Frank Knobbe (Sep 04)
    - Re: key storage George Capehart (Sep 04)
- RE: key storage Michael Howard (Sep 01)
- Re: key storage Jason Coombs PivX Solutions (Sep 05)
  - Re: key storage Ajay (Sep 05)