Re: Debian two-factor auth, GSoC?

2013-04-13 Thread Dominic Hargreaves
On Fri, Apr 12, 2013 at 11:50:45PM +0100, Ben Hutchings wrote: On Fri, Apr 12, 2013 at 05:38:38PM -0500, Peter Samuelson wrote: [Russ Allbery] Oh, I thought they'd given up on Safe. For some reason it stuck in my mind that it had too many issues and ended up being deprecated.

Re: Debian two-factor auth, GSoC?

2013-04-13 Thread Kevin Chadwick
Please take your FUD elsewhere. It's an implementation of the JavaCard specification. It's not something that runs in your web browser, but they're both called applets. Does it require a JRE to be installed (which the security community avoids for good reason), if so then it does reduce

Re: Debian two-factor auth, GSoC?

2013-04-13 Thread Russ Allbery
Kevin Chadwick ma1l1i...@yahoo.co.uk writes: Does it require a JRE to be installed (which the security community avoids for good reason), if so then it does reduce your server/machine security, Oh, for heaven's sake. I've been doing systems administration professionally for twenty years and

Re: Debian two-factor auth, GSoC?

2013-04-13 Thread Ben Hutchings
On Sat, 2013-04-13 at 18:46 +0100, Kevin Chadwick wrote: Please take your FUD elsewhere. It's an implementation of the JavaCard specification. It's not something that runs in your web browser, but they're both called applets. Does it require a JRE to be installed (which the security

Re: Debian two-factor auth, GSoC?

2013-04-13 Thread Kevin Chadwick
Please take your FUD elsewhere. It's an implementation of the JavaCard specification. It's not something that runs in your web browser, but they're both called applets. Does it require a JRE to be installed (which the security community avoids for good reason), if so then

Re: Debian two-factor auth, GSoC?

2013-04-12 Thread Tollef Fog Heen
]] Thomas Goirand On 04/12/2013 03:25 AM, Tollef Fog Heen wrote: The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too. Please, please, please ... no java!!! That's a security nightmare. I think we'd be less safe with than without it. Please take

Re: Debian two-factor auth, GSoC?

2013-04-12 Thread Russ Allbery
Thomas Goirand z...@debian.org writes: On 04/12/2013 03:25 AM, Tollef Fog Heen wrote: The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too. Please, please, please ... no java!!! That's a security nightmare. I think we'd be less safe with than without

Re: Debian two-factor auth, GSoC?

2013-04-12 Thread Don Armstrong
On Thu, 11 Apr 2013, Russ Allbery wrote: Sandboxing programming languages is very difficult; most languages don't even attempt it. Perl used to have a sandboxing module and gave up on it because it was too hard, thus making it even less secure than Java in that specific respect, but no one

Re: Debian two-factor auth, GSoC?

2013-04-12 Thread Russ Allbery
Don Armstrong d...@debian.org writes: On Thu, 11 Apr 2013, Russ Allbery wrote: Sandboxing programming languages is very difficult; most languages don't even attempt it. Perl used to have a sandboxing module and gave up on it because it was too hard, thus making it even less secure than Java

Re: Debian two-factor auth, GSoC?

2013-04-12 Thread Thomas Goirand
On 04/12/2013 02:37 PM, Tollef Fog Heen wrote: It's an implementation of the JavaCard specification. It's not something that runs in your web browser, but they're both called applets. Oh, that's right, sorry but it was quite confusing. I then withdraw what I wrote, of course. Thomas

Re: Debian two-factor auth, GSoC?

2013-04-12 Thread Thomas Goirand
On 04/12/2013 01:58 PM, Daniel Pocock wrote: There was never any suggestion to make something mandatory, I actually agree with those concerns Given the nature of Debian, it would be a personalised solution So, if a DD regularly accesses Debian infrastructure from a PC that he does not

Re: Debian two-factor auth, GSoC?

2013-04-12 Thread Lisandro Damián Nicanor Pérez Meyer
On Thu 11 Apr 2013 19:29:40 Martin Zobel-Helas wrote: Hi, On Thu Apr 11, 2013 at 19:04:24 -0300, Lisandro Damián Nicanor Pérez Meyer wrote: On Thu 11 Apr 2013 16:04:40 Luca Filipozzi wrote: [snip] Finally, if we are going to require DDs to have a physical object

Re: Debian two-factor auth, GSoC?

2013-04-12 Thread Jeremy T. Bouse
On 11.04.2013 15:35, Paul Tagliamonte wrote: Completely unrelated to its GSoC-eyness (which I would love to see, quick, put it on the ideas page and put interested parties as mentors!), I really hate the idea of losing an unencrypted copy of my GPG private half. I misplace everything, I

Re: Debian two-factor auth, GSoC?

2013-04-12 Thread Steve Langasek
On Thu, Apr 11, 2013 at 11:49:35PM -0700, Russ Allbery wrote: Thomas Goirand z...@debian.org writes: On 04/12/2013 03:25 AM, Tollef Fog Heen wrote: The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too. Please, please, please ... no java!!! That's

Re: Debian two-factor auth, GSoC?

2013-04-12 Thread Russ Allbery
Steve Langasek vor...@debian.org writes: On Thu, Apr 11, 2013 at 11:49:35PM -0700, Russ Allbery wrote: Thomas Goirand z...@debian.org writes: On 04/12/2013 03:25 AM, Tollef Fog Heen wrote: The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too. Please,

Re: Debian two-factor auth, GSoC?

2013-04-12 Thread Peter Samuelson
[Russ Allbery] Oh, I thought they'd given up on Safe. For some reason it stuck in my mind that it had too many issues and ended up being deprecated. Apparently, I either made that up or misremembered something. Possibly you were thinking of suidperl, the hack to allow Perl programs to use

Re: Debian two-factor auth, GSoC?

2013-04-12 Thread Ben Hutchings
On Fri, Apr 12, 2013 at 05:38:38PM -0500, Peter Samuelson wrote: [Russ Allbery] Oh, I thought they'd given up on Safe. For some reason it stuck in my mind that it had too many issues and ended up being deprecated. Apparently, I either made that up or misremembered something. Possibly

Debian two-factor auth, GSoC?

2013-04-11 Thread Daniel Pocock
Fedora recently put in Yubikey for their packagers[1], although they are only half way there, supporting sudo but not web auth so far. Similar things could probably happen in Debian. I've proposed two-factor authentication as a potential area for a GSoC project[2], two things come up: a)

Re: Debian two-factor auth, GSoC?

2013-04-11 Thread Luca Filipozzi
Hi, DSA are already looking at two factor authentication, but TOTP based rather than HOTP. There are plenty of TOTP calculators that could be deployed on smart phones, etc. rather than requiring DDs to own a YubiKey (and have a USB port available... I wonder if my iPad has a USB port...).

Re: Debian two-factor auth, GSoC?

2013-04-11 Thread Tollef Fog Heen
]] Luca Filipozzi I can help with a GSoC but I think DSA would prefer to lean in the direction of the above. I'm also happy to help with it. I have a bit of experience with the yubikey tokens, and at least one of the upstreams is on the path to DDship, so I think we're reasonably well

Re: Debian two-factor auth, GSoC?

2013-04-11 Thread Paul Tagliamonte
On Thu, Apr 11, 2013 at 09:25:02PM +0200, Tollef Fog Heen wrote: ]] Luca Filipozzi I can help with a GSoC but I think DSA would prefer to lean in the direction of the above. I'm also happy to help with it. I have a bit of experience with the yubikey tokens, and at least one of the

Re: Debian two-factor auth, GSoC?

2013-04-11 Thread Daniel Pocock
On 11/04/13 21:25, Tollef Fog Heen wrote: ]] Luca Filipozzi I can help with a GSoC but I think DSA would prefer to lean in the direction of the above. I'm also happy to help with it. I have a bit of experience with the yubikey tokens, and at least one of the upstreams is on the path

Re: Debian two-factor auth, GSoC?

2013-04-11 Thread Jonathan Dowland
On Thu, Apr 11, 2013 at 07:04:40PM +, Luca Filipozzi wrote: Also, we have sso.debian.org, whose use we should expand. I'd love to see that.

Re: Debian two-factor auth, GSoC?

2013-04-11 Thread Martin Zobel-Helas
Hi, Also, we have sso.debian.org, whose use we should expand. DACS (http://dacs.dss.ca), the software behind sso.debian.org, also supports one-time passwords [1]. I had no time yet to set up anything regarding this, but I welcome help. Cheers, Martin [1] http://dacs.dss.ca/man/dacstoken.1.html

Re: Debian two-factor auth, GSoC?

2013-04-11 Thread Luca Filipozzi
On Thu, Apr 11, 2013 at 03:35:35PM -0400, Paul Tagliamonte wrote: I really hate the idea of losing an unencrypted copy of my GPG private half. I misplace everything, I don't need someone finding a copy of my GPG key and abusing it :) You write the private key to the token. You can't read it

Re: Debian two-factor auth, GSoC?

2013-04-11 Thread Lisandro Damián Nicanor Pérez Meyer
On Thu 11 Apr 2013 16:04:40 Luca Filipozzi wrote: [snip] Finally, if we are going to require DDs to have a physical object Then the project would possibly start losing contributors like me, who have lots of problems with customs and getting dollars, especially if it's about technological

Re: Debian two-factor auth, GSoC?

2013-04-11 Thread Martin Zobel-Helas
Hi, On Thu Apr 11, 2013 at 19:04:24 -0300, Lisandro Damián Nicanor Pérez Meyer wrote: On Thu 11 Apr 2013 16:04:40 Luca Filipozzi wrote: [snip] Finally, if we are going to require DDs to have a physical object ^^ || In other words: -1 from me. I read Luca's

Re: Debian two-factor auth, GSoC?

2013-04-11 Thread Thomas Goirand
On 04/12/2013 03:25 AM, Tollef Fog Heen wrote: The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too. Please, please, please ... no java!!! That's a security nightmare. I think we'd be less safe with than without it. Also, while I think the idea is nice,

Re: Debian two-factor auth, GSoC?

2013-04-11 Thread Daniel Pocock
On 12/04/13 07:56, Thomas Goirand wrote: On 04/12/2013 03:25 AM, Tollef Fog Heen wrote: The Yubikey neo can run the java applet thingies, it seems, so it can act as a GPG token too. Please, please, please ... no java!!! That's a security nightmare. I think we'd be less safe with than