Requests to create a repo in openbmc github
Patrick Williams
patrick at stwcx.xyz
Mon Nov 16 23:42:27 AEDT 2020
Hello Alan. We'll have a discussion in the docs review to see if this
fits better in an existing repository since it is a fairly minor
feature.
On Mon, Nov 16, 2020 at 03:21:25AM +0000, Alan Kuo (郭振維) wrote:
> For improve security, we propose a daemon that generate a self-signed https certificate once the hostname is assigned.
I don't think that any self-signed certificate does anything to improve
security. Any self-signed certificate, even with a valid hostname, can
simply be forged. Finding a self-signed certificate where the hostname
matches does not give you any additional confidence over a certificate
without a hostname.
It doesn't look like you put this wording into the doc, which is good,
but we should not have it anywhere in the code either because it gives a
false sense of security.
--
Patrick Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20201116/29379f6c/attachment-0001.sig>
More information about the openbmc
mailing list