[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] I don't get it: why use a certificate?

  • Subject: Re: [Openvpn-users] I don't get it: why use a certificate?
  • From: Todd and Margo Chester <ToddAndMargo@xxxxxxxxxxx>
  • Date: Sun, 24 Jun 2007 21:09:28 -0700

Doug Lytle wrote:
> Todd and Margo Chester wrote:
>> For instance, if a laptop gets stolen,
>> don't the bad guys have everything they
>> need to use the tunnel regardless if
>> you are using a certificate or a key?
> You can revoke the certificate of any of the clients.  You can't do that 
> using shared static keys.
> Doug

I think I understand.  With a shared key, if a remote (laptop)
gets compromised, you have to change all the keys.  With
a certificate, you can create one for each remote and when a
remote gets compromised, you only have to revoke one

Then, again, if you only have one remote, it becomes a
mute point.

Am I correct?


Openvpn-users mailing list