Re: [Openvpn-users] "--askpass file" is evil!

  • Subject: Re: [Openvpn-users] "--askpass file" is evil!
  From: awilliam@xxxxxxxxxxxxx
  Date: Fri, 3 Dec 2004 09:33:04 -0500 (EST)

> > Your assumptions are ruling out legitimate use cases.  Laptop?  What
> > laptop?  How about connections that need to be completely automated
> > because there isn't a user there to enter a passphrase?  And the system is
> > mounted in a rack inside a concrete room with a locked steel door?   Of
> > course you also have to pass the front desk, security cameras, and at
> > night there are those pesky door sensors hooked into the alarm
> > system.
> > If your argument is true then ***SSH*** is broken because you can automate
> > connections with key exchanges.  All you need is to get the keys!
> Of course there is always the possibility that the box is exploited
> and the cert stolen...

Sure, but at that point who cares about the certs?  If you've gotten far
enough to get the certs, you could already have walked off with the data
all this mishmash is meant to protect.

