On 03/04/2014 11:40 AM, Petr Spacek wrote:
On 4.3.2014 17:25, Dmitri Pal wrote:
On 03/04/2014 11:08 AM, Petr Spacek wrote:
On 16.2.2014 13:22, Simo Sorce wrote:
On Fri, 2014-02-14 at 14:51 +0100, Petr Spacek wrote:
Hello,

I have got a silly idea to use TPM (Trusted Platform Module) as a backend for
Keytab storage (via GSS-Proxy).

GSS-Proxy prevents application from accessing key material, right? So
GSS-Proxy could theoretically store keys in TPM and application wouldn't
notice any difference, right?

We have libraries for that in Fedora already:
https://admin.fedoraproject.org/pkgdb/acls/name/trousers


Even sillier idea is to use TPM as a PKCS#11 module:
http://trousers.sourceforge.net/pkcs11.html

I have no idea what the use case could be ... :-) Maybe as a "cache" for
PKCS#11 module in SSSD?


As I said, it is just a silly idea.


Open a ticket in the GSS-Proxy trac :)

Is it a good topic for a bachelor/master thesis? We are going to send a list of
topics for next year so we have a chance to add it.

We are not going to touch this any time soon so it sounds like a good idea
to me.

I am not sure. Sounds like a lot of work with questionable results...

I thought that it is the purpose of a thesis? :-)

Now seriously: We are not doing "research with questionable results" because we don't have time for it - I perfectly understand that.

That is the reason why I'm proposing such crazy ideas for theses.

My hesitation is related to the satisfaction from the work being done by a student. We have many topics that we know we need for the project, and taking them (and implementing them right) would be beneficial for the project and rewarding for the student. With this idea I am concerned that since there is no clear drive for it to be needed, there might not be enough motivation to make it usable for the project.
But I might be wrong.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.





_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
