We currently keep many credentials in LastPass (*). ... If y'all would like to construct a recovery key for SA, then we'll happily store that into the ASF LastPass account.
Cheers, -g (*) after a couple LP security notices, we are considering other options, but that's neither here/there. if we switch vault providers in six months... we'll *still* have one for an SA recovery key. On Mon, May 15, 2017 at 5:27 PM, Kevin A. McGrail <[email protected] > wrote: > Greg, > > Dave Jones brings up a good point about longevity of encrypted things for > the foundation. Could infra maintain a key that can be added to things for > a backdoor? > > See below for a snapshot of the relevant thread for background. > > Regards, > KAM > > KAM: > What you should do is use the pub key at http://people.apache.org/~ > kmcgrail/ and encrypt a file with the password. <soapbox>Ideally, you > already have a key for me that chains to a circle of trust so you know for > sure it's me. They actually have key signing parties and stuff for this. > I've found it to be a PITA and doesn't make me feel better that the key is > valid. It's not like we are trained in verifying fake IDs so it's nothing > but an illusion of trust.</soapbox> > > Dave: My concern is I can sign it with your (Kevin's) key and even Brian's > key so the two of you can open it but what happens if another 5 or 10 years > go by and we 3 are no longer volunteering as SA sysadmins? The next > generation of sysadmins won't be able to open these files. > > There has to be a better way where we use an encrypted file with a master > password that we share and is recorded in a save place for the future. > > I use LastPass for this and I have my master password in an envelope in a > safe for my wife to open in the event I am no longer on this planet. I have > instructed her to take this envelope to any of my techie friends and they > would know how to help her get access of all of my online accounts. We > need something like this for this team. > > KAM: The first consideration is that the method above with SVN is > considered acceptable to the foundation and exists already. It long > predates me and has a strong encryption pedigree. It also doesn't rely on > a service being in business since it uses all open source software and > files that you can mirror today. > > What I have done that is similar to what you describe is that my > passphrase for my private key is in my safe. So should I leave this mortal > coil, the data is all recoverable. > > Also, we are trying to move away from master passwords as much as > possible. Sharing of root credentials should be avoided as just a general > security mantra. > > KAM: Do you feel strongly enough about it to debate it with infra and see > what their thoughts are? > > Dave: Not that strongly. I will be glad to go along with the existing > standards. Seems like there should be an escrow-ed key from the foundation > or something that we would also sign with for the future. > >
