Consider an additional section discussing management of certificate repositories. Alice's use case in Ch 14 discusses cleaning the repository of public CAs. This definitely should be brought out in front. Such a section could also include awareness of multiple repositories, examples of the repositories that could be encountered in OpenStack, why and why not to password-protect repositories, what should and should not be included in the repository, what certificates should be marked as trusted, and perhaps options for more secure storage of keys (PKCS11?).
-----------------------------------
Built: 2014-07-15T19:04:52 00:00
git SHA: f7711cc343e504283676dfe43afae6faa9046fd7
URL: http://docs.openstack.org/security-guide/content/introduction-to-ssl-tls.html
source File: file:/home/jenkins/workspace/security-doc-tox-doc-publishdocs/security-guide/ch_introduction-to-ssl-tls.xml
xml:id: introduction-to-ssl-tls