Talk:NSS Shared DB: Difference between revisions

feedback to first question
(Add s_open section)
== Review input required: is there a preference between a single DB file or separate key and cert DB files? ==


- (Your response could go here)
1. I have heard good arguments both for and against combining the two DBs.
 
For: The cert DB contains trust information and therefore is just as security sensitive to the user as the contents of the private keys.  It should be password protected (encrypted) just as the key DB already is.
 
Against: Today, as a debugging aid, we occasionally ask users to send us copies of their cert DB.  We remind them that their cert DB contains no private keys, and this usually satisfies them that they can send their cert DBs without worry of key compromise.  We should retain that characteristic, that the DB (or set of DBs) has a separable part that can easily and safely be sent to others.
 
2. (Your response could go here)


== Review input required: Accessing the shared Database: which default would you prefer? ==