[stunnel-users] Common Name checking
Mark Bolton
mbolton at boltz.co.uk
Wed Jul 15 09:46:11 CEST 2009
Hi Mike,
Thanks for your reply, however a CRL will only help if we find out
about it.
We want to prevent it from happening of course, but we want to remove
the incentive as well. With a CRL, there is a window of opportunity
between the time the cert is stolen and when the theft is discovered.
How can we close that window?
Regards,
Mark
--
Mark Bolton
On 14 Jul 2009, at 14:13, Michal Trojnara <Michal.Trojnara at mobi-
com.net> wrote:
>
> Mark Bolton <mbolton at boltz.co.uk> wrote:
>> Is there anyway we can use stunnel to help us guard against this
>> 'stolen cert' situation or if not what else could we do?
>
> Sure. CRLs are designed exactly for this purpose.
> http://en.wikipedia.org/wiki/Certificate_revocation_list
>
> Best regards,
> Mike
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
More information about the stunnel-users
mailing list