Hi Frank,
----- Original Message -----
> Hi -
>
> nathans wrote:
> > > - mention the possibility of self-signed certificates, possibly
> > > working out an example
> >
> > You mean above and beyond the self-signed cert used in the example,
> > I'm sure.
>
> I only see "obtain and install a certificate ..." in the writeup, not
> anything about *how*.
>
Yeah, will expand on that some. I've been referring to other projects'
writeups for enabling this, and I guess there must be several different
ways people/companies go about getting certs (in-house vs ext providers
I guess?) resulting in the docs tending to be vague wrt the "how".
> > Is that really a valid way to set up a realistic server? [...]
>
> It's obviously not applicable everywhere, but in other places, it's
> better than no encryption at all.
>
OK.
> > [...]
> > > - consider defaulting to PCP_SECURE_SOCKETS=1
> >
> > The semantics of that env var are that if a secure connection
> > cannot be established, the connection fails. [...]
>
> That could be changed, or a different value could be invented with a
> "prefer but not require ssl" meaning. The idea would be to get a
> as-secure-as-possible-by-default kind of situation.
Yes, I was pondering that as well. Could change it to having a value
rather than just being set/not - something like "soft" vs "hard",
or "best-effort" vs "enforced" perhaps? I didn't convince myself one
approach was better than the other, so left it as always-fail if we
cannot connect securely. Will look into the best-effort path again,
unless others have a strong opinion that we shouldn't do that.
A best-effort mode is something that could become a default in the
medium term, methinks, once confidence in the new code grows.
cheers.
--
Nathan
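The "enforced" vs "best-effort" distinction discussed in the thread, shown as an added example that is not PCP's own code. It models the proposed PCP_SECURE_SOCKETS semantics as a small policy: unset means plaintext, "1" (or "enforced"/"hard") keeps the existing fail-if-not-secure meaning, and "best-effort"/"soft" is the hypothetical new mode that attempts a TLS handshake and falls back to a plain connection when that fails. The value names beyond "1" are assumptions from the proposal, not real PCP settings. To keep it runnable offline, the demo stands up a constructed plaintext-only echo server in a thread, so the TLS handshake genuinely fails and each policy's behaviour can be observed.

```python
import socket
import ssl
import threading

# Policy names are hypothetical, taken from the thread's "best-effort" vs
# "enforced" proposal; they are not existing PCP_SECURE_SOCKETS values.
PLAINTEXT = "plaintext"
BEST_EFFORT = "best-effort"
ENFORCED = "enforced"


def resolve_policy(value):
    """Map a PCP_SECURE_SOCKETS value to a connection policy (assumed mapping)."""
    if value is None or value.strip() == "":
        return PLAINTEXT
    v = value.strip().lower()
    if v in ("1", "enforced", "hard"):
        return ENFORCED          # existing semantics: fail unless secure
    if v in ("best-effort", "soft"):
        return BEST_EFFORT       # proposed: prefer TLS, fall back to plain
    raise ValueError(f"unrecognised PCP_SECURE_SOCKETS value: {value!r}")


def connect(host, port, policy, timeout=2.0):
    """Return (socket, "tls"|"plain") according to policy, or raise ConnectionError."""
    if policy != PLAINTEXT:
        ctx = ssl.create_default_context()
        # Demo only: we are interested in whether the handshake completes at all,
        # not in certificate validation, so verification is disabled here.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        raw = socket.create_connection((host, port), timeout=timeout)
        try:
            return ctx.wrap_socket(raw, server_hostname=host), "tls"
        except (ssl.SSLError, OSError) as exc:
            raw.close()
            if policy == ENFORCED:
                raise ConnectionError(f"secure connection required but failed: {exc}") from exc
            # best-effort: drop through to a plaintext connection
    return socket.create_connection((host, port), timeout=timeout), "plain"


def start_plain_echo_server():
    """Constructed test peer: accepts TCP, echoes one message, never speaks TLS."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                data = conn.recv(4096)   # a TLS ClientHello gets echoed back as-is
                if data:
                    conn.sendall(data)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def demo():
    """Run each policy against the plaintext-only server; return {env_value: (kind, reply)}."""
    srv, port = start_plain_echo_server()
    results = {}
    try:
        for value in (None, "best-effort", "1"):
            policy = resolve_policy(value)
            try:
                sock, kind = connect("127.0.0.1", port, policy)
                with sock:
                    sock.sendall(b"ping")
                    results[value] = (kind, sock.recv(16))
            except ConnectionError:
                results[value] = ("refused", None)
    finally:
        srv.close()
    return results


if __name__ == "__main__":
    for value, outcome in demo().items():
        print(f"PCP_SECURE_SOCKETS={value!r}: {outcome}")
```

Against a peer that cannot do TLS, the unset and "best-effort" cases end up on a plain connection, while "1" refuses to connect; against a TLS-capable peer the same "best-effort" client would come back with kind "tls". The fallback path is exactly the point Frank raised about "as secure as possible by default": it never leaves a client worse off than the unset case, but it also means a best-effort client should log which kind of connection it actually got.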