opennic:tls

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
Next revisionBoth sides next revision
opennic:tls [2020-05-31T18:37:09Z] – [Current deployment] deep42thoughtopennic:tls [2020-06-03T08:42:45Z] – [Planned deployment] deep42thought
Line 19: Line 19:
  
 The following things might be desirable, too: The following things might be desirable, too:
-  - Restrict validity of CA with [[https://security.stackexchange.com/questions/31376/can-i-restrict-a-certification-authority-to-signing-certain-domains-only|Name Constraints]] +  - Distribute the Root CA key amongst multiple persons: either share copies, have multiple such keys, or have [[https://tools.ietf.org/html/draft-hallambaker-threshold-sigs-02|some Shamir-like secret sharing]] in place
-  - Distribute the Root CA key amongst multiple persons: either share copies, have multiple such keys, or have some Shamir-like secret sharing in place+
   - Deploy multiple intermediate CAs / ACME-server "parallely"   - Deploy multiple intermediate CAs / ACME-server "parallely"
  • /wiki/data/pages/opennic/tls.txt
  • Last modified: 3 years ago
  • by marek