Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revisionBoth sides next revision
opennic:tls [2020-05-31T18:37:09Z] – [Current deployment] deep42thoughtopennic:tls [2020-05-31T18:37:27Z] – [Planned deployment] deep42thought
Line 19: Line 19:
  
 The following things might be desirable, too: The following things might be desirable, too:
-  - Restrict validity of CA with [[https://security.stackexchange.com/questions/31376/can-i-restrict-a-certification-authority-to-signing-certain-domains-only|Name Constraints]] 
   - Distribute the Root CA key amongst multiple persons: either share copies, have multiple such keys, or have some Shamir-like secret sharing in place   - Distribute the Root CA key amongst multiple persons: either share copies, have multiple such keys, or have some Shamir-like secret sharing in place
   - Deploy multiple intermediate CAs / ACME-server "parallely"   - Deploy multiple intermediate CAs / ACME-server "parallely"
  • /wiki/data/pages/opennic/tls.txt
  • Last modified: 3 years ago
  • by marek