“Bob, why do you always complain when people encrypt their web server’s SSL keys with DES3?”
Well, since you ask, it’s because the web server needs human interaction to start. You need to supply the password.
To remember the password you need to write it down somewhere. Or store it online so you can retrieve it. These are potentially insecure, they are avenues of compromise, and at the very least they create more work for already busy administration teams.
You could set the password to be the same on all the servers, and tell everybody what it is. That might solve the administration problem but negate any value from encryption.
Having a password means you cannot background the web server startup process. You can’t have the web server automatically start, so you can’t have a machine that just fixes itself on boot. One of my main tenets of large-scale system administration is that a system must make itself right on startup. If the machine boots but doesn’t immediately begin doing its job it is faulty. Any process that requires human interaction does not qualify as automatic.
I’m all for defense-in-depth, but not when it sacrifices so much to gain so little. Who would have access to the server key? The admins, and maybe the users on the machines. The users on my machines generally share the same positive goal as I, and I don’t give accounts to those I don’t deem trustworthy. I fight problems with hacked accounts with firewalling and password checking and policy and user education. I can fight more potential corruption by ensuring that the keys are properly chown’ed and chmod’ed 400.
What am I fighting with -des3, aside from myself? Someone give me a good example, please.