On 08/04/2011 10:50 AM, Adam Young wrote:
>> DRM is the way to go. However it does not support symmetric keys now.
>> This is the part that we need for volume keys. Maybe it is the vault
>> to store all sorts of keys. This is something that needs to be
>> designed and looked at from a broader perspective.
>> Adam likes to repeat a phrase about dreaming big so I do. I want IPA
>> to be a vault for all sorts of keys and passwords and what else. If
>> DRM is the answer - great.
>> I can start listing the use cases that such a key store should
>> satisfy and we can design something that would ultimately fit the
>> build but build gradually knocking use cases one by one.
>> I will take an action item to come up with the use cases. Give me a couple
>> of weeks as I am under water now...
> Specifically: the phrase is "Dream big, implement small."
> There are four things here, I'd guess, that should play into the design.
> 1. User certificates in IPA. Discussed already, and probably the
> first thing to implement on the IPA side.
> 2. DRM/KRA talking to an external CA. Not sure if this makes sense,
> has been discussed etc.
> 3. DRM/KRA Integration into IPA. Regardless of 2, we should talk
> through the use cases for integration
> 4. DRM/KRA Support for symmetric keys etc.
Except that use case 4 has a clear demand while 1 is a much bigger
undertaking and might require more time thus might be pushed further
down the road.
> Freeipa-users mailing list
Sr. Engineering Manager IPA project,
Red Hat Inc.