Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
opennic:tls [2020-05-31T15:24:06Z] – [Current deployment] deep42thought | opennic:tls [2020-05-31T18:37:27Z] – [Planned deployment] deep42thought | ||
---|---|---|---|
Line 3: | Line 3: | ||
===== Current deployment ===== | ===== Current deployment ===== | ||
- | There is an experimental acme server in place at [[https:// | + | There is an experimental acme server in place at [[https:// |
The trust anchor for these certificates can be downloaded [[https:// | The trust anchor for these certificates can be downloaded [[https:// | ||
Line 19: | Line 19: | ||
The following things might be desirable, too: | The following things might be desirable, too: | ||
- | - Restrict validity of CA with [[https:// | ||
- Distribute the Root CA key amongst multiple persons: either share copies, have multiple such keys, or have some Shamir-like secret sharing in place | - Distribute the Root CA key amongst multiple persons: either share copies, have multiple such keys, or have some Shamir-like secret sharing in place | ||
- Deploy multiple intermediate CAs / ACME-server " | - Deploy multiple intermediate CAs / ACME-server " |