Re: securing FAS certs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 21 Aug 2008, Jeffrey Ollie wrote:

> 2008/8/21 Toshio Kuratomi <a.badger@xxxxxxxxx>:
> >
> > The Fedora Certificates issued by FAS are currently set to be autogenerated
> > if you have an account in FAS.  This has one drawback.  We have to keep the
> > password for the CA keys that sign the FAS certificates in a file on the
> > filesystem so that the automatic signing can use them.
> >
> > Has anyone else had to confront this problem?  Right now I'm thinking of
> > coding something that involves human interaction to sign the certs and send
> > email notifying people when their cert is ready to download. That's
> > certainly doable, but introduces a wait time that isn't in the current
> > design.  I'd love input on better ways to do this.
>
> What about using a crypto card like Jesse plans on using for Sigul?
>

I've never actually used a crypto card... Do they add additional security
if they're sitting in a colo always plugged in?  If so how do they do
that?

	-Mike

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux