On 8/3/11 1:02 PM, Stephen Gallagher wrote:
> So I guess what I'm saying is not "Don't use centrally managed key
> storage", but rather "If you use the key anywhere but in this
> administrative domain, do not put it in centrally-managed storage that
> anyone but you can ever gain access to it". 

Yes, I appreciate the distinction you raise.  Regarding your last
comment quoted above, to the best of my knowledge that is impossible.  I
regularly have discussions with people saying "an administrator could
always do X,Y and Z to access your supposedly private data" -- if there
are ways in which I could be wrong about that, I'd love to know them. 
Otherwise I believe that the key risks from a centralized keystore are:

* ease of compromise by an unscrupulous administrator
* extent of compromise if attacker gains administrative privs to central
keystore (although it sounds like the RH DRM system could significantly
reduce that)
* risk of compromise due to security vulnerabilities in central keystore

I think the general consensus is that you are always exposed to some
degree of risk, and it is necessary to evaluate the risks versus the
benefits.  There are some lovely lakes in northern Maine where you can
probably use your laptop without too much risk of compromised privacy,
or closer to home, I'm sure most of us can remember a day when we got
lots of useful work done on a computer with no network connection and
were excited when we got one new piece of software every few months.

In my risk/benefit world, a centralized keystore would be really useful.

And for the record, if any one of the computers I use is compromised
with a keyboard scanner or theft of my private ssh or X.509 keys, then
I'm in a whole world of pain, and not a small amount of inconvenience
(and risk of malicious attacks) to the various systems I regularly
access.  Best I can tell, that isn't too different from most people in
my situation, and short of that nice cabin in Maine, is simply the
reality (risk) of the kind of work I do, and the people I do it for.


<<attachment: ijstokes.vcf>>

Freeipa-users mailing list

Reply via email to