Hi Mike, Thanks for your reply, however a CRL will only help if we find out about it.
We want to prevent it from happening of course, but we want to remove the incentive as well. With a CRL, there is a window of opportunity between the time the cert is stolen and when the theft is discovered. How can we close that window?
Regards, Mark
-- Mark Bolton
On 14 Jul 2009, at 14:13, Michal Trojnara <Michal.Trojnara@mobi- com.net> wrote:
Mark Bolton mbolton@boltz.co.uk wrote:
Is there anyway we can use stunnel to help us guard against this 'stolen cert' situation or if not what else could we do?
Sure. CRLs are designed exactly for this purpose. http://en.wikipedia.org/wiki/Certificate_revocation_list
Best regards, Mike _______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users