On Mon, Jun 24, 2024 at 5:48 PM Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:
>
> If we decide that this is a good idea, we might be able to get funding to
> distribute these to all proven packagers (and perhaps more).
>
FD: I am *strongly* in favor of FIDO2 support.
As I recall from a previous query, there are
(around) 90 active proven packagers (and
~250 total who were in the PP group).
At ~$10/key (*) that is around $2500 total
for all PPs if everyone needed one (and since
FIDO2 keys are becoming more common in
many orgs, not everyone would need one).
The larger issue may be re-issue when a key
is lost/stolen (and some will be, eventually).
Enterprises tend to have various methods
to validate individuals and reissue new keys,
but Fedora may have to create some new
processes.
I also do not know if FIDO2 keys can be
shipped to the magic 4 countries, or any
of the additional ~34 countries (although
I have no idea if any PP's have mailing
addresses in those countries).
The larger issue continues to be that
while Passkey (the consumer branding
for the underlying FIDO2 technology)
support is apparently possible with the
latest FreeIPA, Ipsilon is (as I understand
it) essentially orphaned, and any
replacement (keycloak?) does not have
a schedule for deployment.
(*) Based on the key-id pricing. When
bought in bulk, better deals may be
possible from a number of vendors, and
some vendors might even be willing to
offer better deals (maybe even "free")
with various sponsorship deals
("Trusted by Fedora").
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
