iOS mysterious issues on Freeradius 3.0.14
p.mayers at imperial.ac.uk
Fri Mar 24 11:04:52 CET 2017
On 23/03/17 16:04, Brian Julin wrote:
> Technical creation of a CA server is trivial. CAs are more than a server. Proper procedures to
> ensure the CA is used in a way that does not subject it to compromise is... "a bit more difficult".
> So are disaster recovery precautions (e.g. what group of people are allowed to take airplanes together?)
> There are whole books about it.
> Everyone rushing to build an insecure CA infrastructure could be a pretty dangerous trend.
People don't talk about this enough. A CA is more than just a server or
HSM, some scripts and a web UI. It's almost *all* about process and
procedure, and as technical people we tend to ignore this.
I would be interested to hear an assessment of costs in term of
staff/FTE equivalent for running a CA, cross-referenced to an
independent evaluation of the security of said CA from a process PoV.
Slightly OT: can we have a quick headcount of which client deployment
tools people are using to deploy their private CA, ideally annotated
with any platforms it *doesn't* support?
More information about the Freeradius-Users