Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security improvements #2

Open
luisfarzati opened this issue Jan 4, 2020 · 0 comments
Open

Security improvements #2

luisfarzati opened this issue Jan 4, 2020 · 0 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@luisfarzati
Copy link
Owner

luisfarzati commented Jan 4, 2020

Copying down here a few suggestions by the community. I'll try to tackle these when I have enough time for research ('cause I don't have much experience with these) and implementation.

If anybody wants to help with any of these, or discuss more about these suggestions, that would be great.

"Generate root CA with NameConstraints, in order to avoid issuing certs for any domain on the internet." (see original)

"Automatically destroy the root's private key after making any needed certs. That is, the root's private key exists only long enough to issue certificates for this session, then it's destroyed. If the user changes things you don't re-use that root CA, you distrust it and make a new one, for which the private key would likewise only exist during setup and then be destroyed." (see original)

"Shortening the lifetime of the locally installed root cert mitigates potential attack surface resulting out of a loss of sensitive private key material." (no link, gitter message)

@luisfarzati luisfarzati added enhancement New feature or request help wanted Extra attention is needed labels Jan 4, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Development

No branches or pull requests

1 participant