* Colin Watson:

> On Wed, Jan 08, 2014 at 08:31:11AM +0100, Florian Weimer wrote:
>> Furthermore, we need to store the keys for all EV certificates (both
>> the certificate used for submission, and the certificate embedded in
>> the shim) in devices that meet at least FIPS 140 Level 2. Such
>> devices that are affordable, support secure, remote operation, and are
>> compatible with free software environments are difficult to find.
>> (But perhaps we can find a DD who agrees to keep the keys in his or
>> her home and manually signs our kernels, using Windows if necessary.)
>
> We (Canonical) have been trying to get this requirement made a bit more
> sane; we keep our SB root certificate split up among a number of
> shareholders using gfshare, which we believe should be functionally
> adequate for this. Steve Langasek may know where this sits.

Have you had any success in this endeavor?

