[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] use pkcs12 certificates or not

  • Subject: Re: [Openvpn-users] use pkcs12 certificates or not
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Sun, 18 Sep 2005 23:48:53 -0600 (MDT)

On Sun, 18 Sep 2005, Mathias Sundman wrote:

> On Sun, 18 Sep 2005, Alon Bar-Lev wrote:
> > On 9/18/05, Mathias Sundman <mathias@xxxxxxxxxx> wrote:
> >> If I were to write the pkcs12 support now after this díscussion I'd
> >> propably have made it like you say, but now when the feature (or security
> >> issue as you look at it) already exists, it's a little harder to just
> >> remove it.
> >
> > Will you make the change  (--ca overrides the read of CA from the PKCS#12)?
> Yes, I can fix that, unless someone thinks that's a bad thing. I can't see 
> anything bad with it at least. James, any comments?

Notwithstanding the issues of identity vs. trust, most people are using
PKCS#12 as a kind of zip/archive file containing certs/keys.  I'm not
clear on what the argument is for why security would be affected by the 
way the files are packaged?


Openvpn-users mailing list