[Box Backup] Advice for users of Debian-derived systems affected by the OpenSSL fiasco -- assume compromise of all data
Matt Brown
boxbackup@fluffy.co.uk
Mon, 19 May 2008 13:07:44 +0100
Hi,
> There are several scenarios that need to be taken into consideration:
Just as a question: I have a number of clients who use Ubuntu Dapper
6.06 LTS, which as I understand it were unaffected by the SSL issue.
All the .raw keys were generated on these hosts, so I guess these are
OK; however, the CA was an affected server, so its being used to
create the serverCA.pem and sign all the clients' csr.pem files was an
issue.
What I have done in this instance is update the SSL on the affected
server, recreate the CA, re-sign all existing clients' csr.pem files
and re-issue a new serverCA.pem.
Is this enough?
I am taking the assumption, as no one but me has access to the store
and I create and admin all certs, set up the clients etc., that the
risk of someone accessing the data is minimal?
In addition, as the .raw keys were never an issue, the only weakness in
this instance was the actual store allowing weak SSL connections?
I am really hoping to avoid re-syncing all the data, as it would take
days...
Regards
Matt
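The recreate-the-CA-and-re-sign steps described in the message above, as an added example that is not part of the original thread and not Box Backup's own bbstored-certs tooling: it uses plain openssl commands, every name, path and key in it is constructed for the demo, and the checks at the end confirm what a practitioner would want to see: the re-signed certificate chains to the new CA, a certificate issued by the old CA no longer does, and the client key itself is unchanged.

```shell
#!/bin/sh
# Added example, not from the original post: recreate a CA with an updated
# OpenSSL, re-sign an existing client CSR and verify the outcome with plain
# openssl commands. All names, paths and keys here are constructed for the demo.
set -e
WORK=$(mktemp -d)

# A self-signed CA cert + key. Used for the new CA and for a stand-in old CA.
make_ca() {   # $1 = basename
  openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Backup CA $1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# The client key (.raw) and CSR, as generated on an unaffected client host.
make_client_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=BACKUP-0000000a" \
    -keyout "$WORK/client.raw" -out "$WORK/csr.pem" 2>/dev/null
}

# Sign csr.pem with the CA named in $1, writing the certificate to $2.
sign_csr() {
  openssl x509 -req -in "$WORK/csr.pem" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 5000 -out "$WORK/$2" 2>/dev/null
}

# The store should trust only the new CA: verify a cert against it alone.
verifies_against_new_ca() {   # $1 = cert file; exit status is the result
  openssl verify -CAfile "$WORK/newca.pem" "$WORK/$1" >/dev/null 2>&1
}

# The client key never changed: the re-signed cert carries the same public key.
key_matches_cert() {
  [ "$(openssl rsa -in "$WORK/client.raw" -pubout 2>/dev/null)" = \
    "$(openssl x509 -in "$WORK/client-new.pem" -pubkey -noout)" ]
}

rotate() {
  make_ca oldca                   # stand-in for the CA made with the broken OpenSSL
  make_client_csr                 # the csr.pem that already exists per client
  sign_csr oldca client-old.pem   # certificate the client has been using so far
  make_ca newca                   # after updating OpenSSL: a fresh CA
  sign_csr newca client-new.pem   # re-sign the existing CSR; the key stays as is
}
```

After the rotation, the file the store and clients read as TrustedCAsFile must contain only the new CA certificate; if the old CA certificate is left in it, certificates signed by the old CA continue to verify.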