On Thu, 2015-04-02 at 16:18 +0200, Thomas Calderon wrote:
> Hi,

> Examples of server processes that are PKCS#11 compatible:
>   * Daemons:

It would be really useful to have a wiki which explains how to set up the
daemons with caml-crush. I've set up a temporary page at
https://fedoraproject.org/wiki/User:Nmav/caml-crush

> Of course wider support would be great (sshd, postfix, dovecot, etc),

sshd already uses privilege separation so the keys are already outside
the server context. Unfortunately it is one of the very few servers that
does that. Everything else would be nice to support it though.

> Now, in order to further isolate I would recommend the following
> approach:
> Take advantage of SoftHSM being SW to create as many "slots" as there
> are use-cases (one for Apache, one for strongswan, etc).

That's a nice approach. I'll enhance the command line tool to add/remove
slots on demand.

regards,
Nikos



--
security mailing list
security@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/security