securing FAS certs
Toshio Kuratomi
a.badger at gmail.com
Thu Aug 21 18:44:41 UTC 2008
Hey bright idea bringers!
The Fedora Certificates issued by FAS are currently set to be
autogenerated if you have an account in FAS. This has one drawback. We
have to keep the password for the CA keys that sign the FAS certificates
in a file on the filesystem so that the automatic signing can use them.
Has anyone else had to confront this problem? Right now I'm thinking of
coding something that involves human interaction to sign the certs and
send email notifying people when their cert is ready to download.
That's certainly doable, but introduces a wait time that isn't in the
current design. I'd love input on better ways to do this.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20080821/303063e0/attachment.bin
More information about the infrastructure
mailing list