Changeset 697e6ca5 for postlfs/security
- Timestamp:
- 02/28/2018 04:11:20 PM (6 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- b285074
- Parents:
- 273653c
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/make-ca.xml
r273653c r697e6ca5 15 15 ]> 16 16 17 <sect1 id="make-ca" xreflabel="make-ca ">17 <sect1 id="make-ca" xreflabel="make-ca-&make-ca-version;"> 18 18 <?dbhtml filename="make-ca.html"?> 19 19 … … 23 23 </sect1info> 24 24 25 <title>make-ca</title> 26 27 <para>Public Key Infrastructure (PKI) is a method to validate the 28 authenticity of an otherwise unknown entity across untrusted networks. PKI 29 works by establishing a chain of trust, rather than trusting each individual 30 host or entity explicitly. In order for a certificate presented by a remote 31 entity to be trusted, that certificate must present a complete chain of 32 certificates that can be validated using the root certificate of a 33 Certificate Authority (CA) that is trusted by the local machine.</para> 34 35 <para>Establishing trust with a CA involves validating things like company 36 address, ownership, contact information, etc., and ensuring that the CA has 37 followed best practices, such as undergoing periodic security audits by 38 independent investigators and maintaining an always available certificate 39 revocation list. This is well outside the scope of BLFS (as it is for most 40 Linux distributions). The certificate store provided here is taken from the 41 Mozilla Foundation, who have established very strict inclusion policies 42 described 43 <ulink url="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/">here</ulink>.</para> 44 45 &lfs82_checked; 46 25 <title>make-ca-&make-ca-version;</title> 47 26 <indexterm zone="make-ca"> 48 27 <primary sortas="a-make-ca">make-ca</primary> … … 52 31 <title>Introduction to make-ca</title> 53 32 54 <bridgehead renderas="sect3">Package Information</bridgehead> 33 <para> 34 Public Key Infrastructure (PKI) is a method to validate the authenticity 35 of an otherwise unknown entity across untrusted networks. PKI works by 36 establishing a chain of trust, rather than trusting each individual host 37 or entity explicitly. In order for a certificate presented by a remote 38 entity to be trusted, that certificate must present a complete chain of 39 certificates that can be validated using the root certificate of a 40 Certificate Authority (CA) that is trusted by the local machine. 41 </para> 42 43 <para> 44 Establishing trust with a CA involves validating things like company 45 address, ownership, contact information, etc., and ensuring that the CA 46 has followed best practices, such as undergoing periodic security audits 47 by independent investigators and maintaining an always available 48 certificate revocation list. This is well outside the scope of BLFS (as 49 it is for most Linux distributions). The certificate store provided here 50 is taken from the Mozilla Foundation, who have established very strict 51 inclusion policies described <ulink 52 url="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/">here</ulink>. 53 </para> 54 55 &lfs82_checked; 56 57 <bridgehead renderas="sect3">Package Information</bridgehead> 55 58 <itemizedlist spacing="compact"> 56 59 <listitem>
Note:
See TracChangeset
for help on using the changeset viewer.