iOS mysterious issues on Freeradius 3.0.14

Phil Mayers p.mayers at
Fri Mar 24 11:04:52 CET 2017

On 23/03/17 16:04, Brian Julin wrote:

> Technical creation of a CA server is trivial.  CAs are more than a server. Proper procedures to
> ensure the CA is used in a way that does not subject it to compromise is... "a bit more difficult".
> So are disaster recovery precautions (e.g. what group of people are allowed to take airplanes together?)
> There are whole books about it.

> Everyone rushing to build an insecure CA infrastructure could be a pretty dangerous trend.

People don't talk about this enough. A CA is more than just a server or 
HSM, some scripts and a web UI. It's almost *all* about process and 
procedure, and as technical people we tend to ignore this.

I would be interested to hear an assessment of costs in term of 
staff/FTE equivalent for running a CA, cross-referenced to an 
independent evaluation of the security of said CA from a process PoV.

Slightly OT: can we have a quick headcount of which client deployment 
tools people are using to deploy their private CA, ideally annotated 
with any platforms it *doesn't* support?

More information about the Freeradius-Users mailing list