On 08/04/2011 10:50 AM, Adam Young wrote:
>> DRM is the way to go. However it does not support symmetric keys now.
>> This is the part that we need for volume keys. Maybe it is the vault
>> to store all sorts of keys. This is something that needs to be
>> designed and looked at as a broader perspective.
>> Adam likes to repeat a phrase about dreaming big so I do. I want IPA
>> to be a vault for all sorts of keys and passwords and what else. If
>> DRM is the answer - great.
>> I can start listing the use cases that such a key store should
>> satisfy and we can design something that would ultimately fit the
>> build but build gradually knocking use cases one by one.
>> I will take an action item to come up with the use cases. Give me a couple
>> weeks as I am under water now...
> Specifically:  the phrase is "Dream big, implement small."
> There are four things here, I'd guess, that should play into the design.
> 1.  User certificates in IPA.  Discussed  already, and probably the
> first thing to implement on the IPA side.
> 2.  DRM/KRA  talking to an external CA.  Not sure if this makes sense,
> has been discussed etc.
> 3.  DRM/KRA  Integration into IPA.  Regardless of 2, we should talk
> through the use cases for integration
> 4.  DRM/KRA  Support for symmetric keys etc.

Except that use case 4 has a clear demand while 1 is a much bigger
undertaking and might require more time thus might be pushed further
down the road.

> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
