On Fri, 22 Aug 2008, David Lutterkort wrote: > On Thu, 2008-08-21 at 14:18 -0500, Jeffrey Ollie wrote: > > What about using a crypto card like Jesse plans on using for Sigul? > > I wonder if a TPM can be (ab)used for this, too; they are pretty common > on newer hardware, and store a key in HW that can not be extracted. > > Not sure though if anybody has looked at using it to sign SSL certs, and > especially at keeping logs of what was signed in a way that makes it > impossible to tamper with those logs, e.g. to hide the signing of some > certs. > Possibly. I was looking earlier too for something like ssh-agent or gpg agent to serve this purpose... Haven't seen anything. Which.. well strikes me as strange. It'd be a software way to do what we're talking about. -Mike _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
