[stunnel-users] Common Name checking

Mark Bolton mbolton at boltz.co.uk
Wed Jul 15 09:46:11 CEST 2009


Hi Mike,
Thanks for your reply, however a CRL will only help if we find out  
about it.

We want to prevent it from happening of course, but we want to remove  
the incentive as well. With a CRL, there is a window of opportunity  
between the time the cert is stolen and when the theft is discovered.  
How can we close that window?

Regards,
Mark

--
Mark Bolton

On 14 Jul 2009, at 14:13, Michal Trojnara <Michal.Trojnara at mobi- 
com.net> wrote:

>
> Mark Bolton <mbolton at boltz.co.uk> wrote:
>> Is there anyway we can use stunnel to help us guard against this
>> 'stolen cert' situation or if not what else could we do?
>
> Sure.  CRLs are designed exactly for this purpose.
> http://en.wikipedia.org/wiki/Certificate_revocation_list
>
> Best regards,
>    Mike
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users



More information about the stunnel-users mailing list