We currently keep many credentials in LastPass (*). ... If y'all would like
to construct a recovery key for SA, then we'll happily store that into the
ASF LastPass account.

Cheers,
-g

(*) after a couple LP security notices, we are considering other options,
but that's neither here/there. if we switch vault providers in six
months... we'll *still* have one for an SA recovery key.


On Mon, May 15, 2017 at 5:27 PM, Kevin A. McGrail <[email protected]
> wrote:

> Greg,
>
> Dave Jones brings up a good point about longevity of encrypted things for
> the foundation.  Could infra maintain a key that can be added to things for
> a backdoor?
>
> See below for a snapshot of the relevant thread for background.
>
> Regards,
> KAM
>
> KAM:
> What you should do is use the pub key at http://people.apache.org/~
> kmcgrail/ and encrypt a file with the password.  <soapbox>Ideally, you
> already have a key for me that chains to a circle of trust so you know for
> sure it's me.  They actually have key signing parties and stuff for this.
> I've found it to be a PITA and doesn't make me feel better that the key is
> valid.  It's not like we are trained in verifying fake IDs so it's nothing
> but an illusion of trust.</soapbox>
>
> Dave: My concern is I can sign it with your (Kevin's) key and even Brian's
> key so the two of you can open it but what happens if another 5 or 10 years
> go by and we 3 are no longer volunteering as SA sysadmins?  The next
> generation of sysadmins won't be able to open these files.
>
> There has to be a better way where we use an encrypted file with a master
> password that we share and is recorded in a save place for the future.
>
> I use LastPass for this and I have my master password in an envelope in a
> safe for my wife to open in the event I am no longer on this planet. I have
> instructed her to take this envelope to any of my techie friends and they
> would know how to help her get access of all of my online accounts.  We
> need something like this for this team.
>
> KAM: The first consideration is that the method above with SVN is
> considered acceptable to the foundation and exists already.  It long
> predates me and has a strong encryption pedigree.  It also doesn't rely on
> a service being in business since it uses all open source software and
> files that you can mirror today.
>
> What I have done that is similar to what you describe is that my
> passphrase for my private key is in my safe.  So should I leave this mortal
> coil, the data is all recoverable.
>
> Also, we are trying to move away from master passwords as much as
> possible.  Sharing of root credentials should be avoided as just a general
> security mantra.
>
> KAM: Do you feel strongly enough about it to debate it with infra and see
> what their thoughts are?
>
> Dave: Not that strongly.  I will be glad to go along with the existing
> standards.  Seems like there should be an escrow-ed key from the foundation
> or something that we would also sign with for the future.
>
>

Reply via email to