Package shipping their own CA and security

Florian Weimer fweimer at redhat.com
Fri Feb 8 12:05:22 UTC 2013


On 02/08/2013 12:58 PM, Reindl Harald wrote:
>
>
> On 08.02.2013 12:54, Florian Weimer wrote:
>> On 02/08/2013 12:41 PM, Michael Scherer wrote:
>>
>>> For a certificate, that's slightly more subtle. A certificate alone in a
>>> package cannot do much. If there is no private key, then it cannot be
>>> used out of the box, except for client side validation (afaik). So
>>> all .pam certificates we can find would be used to validate another ssl
>>> certificates.
>>
>> Embedding a certificate in a RPM is fine because we can handle revocation/key rollover through an RPM
>> update—especially if it's not a configuration file.  We might eventually get a better mechanism, but until that
>> happens, it's not so bad.
>>
>> (This assumes that we own the certificate in question.  Obviously, it won't do to download the certificate from the
>> Internet, bake it in, and hope that it won't change until it expires.  That's just not going to work.)
>
> it is NOT fine, it is just stupid
> the certificate is broken after that
>
> any random guy out there can misuse it and your users
> which trust the certificate are

Please mind your language.

Evidently, we are not talking about the same thing.  I was referring to 
server certificates baked in to clients, in case this wasn't clear.

-- 
Florian Weimer / Red Hat Product Security Team

