DRM is the way to go. However it does not support symmetric keys now. This is the pert that we need for volume keys. May be it is the vault to store all sorts of keys. This is something that needs to be designed and looked at as a broader perspective. Adam likes to repeat a phase about dreaming big so I do. I want IPA to be a vault for all sorts of keys and passwords and what else. If DRM is the answer - great. I can start listing the use cases that such a key store should satisfy and we can design something that would altimately fit the build but build gradually knocking use cases one by one. I will take an action idem to come with the use cases. Give me couple weeks as I am under water now...

Specifically:  the phrase is "Dream big, implement small."

There are four things here, I'd guess, that should play into the design.

1. User certificates in IPA. Discussed already, and probably the first thing to implement on the IPA side. 2. DRM/KRA talking to an external CA. Not sure if this makes sense, has been discussed etc. 3. DRM/KRA Integration into IPA. Regardless of 2, we should talk through the use cases for integration
4.  DRM/KRA  Support for symmetric keys etc.

Freeipa-users mailing list

Reply via email to