securing FAS certs
Jeffrey Ollie
jeff at ocjtech.us
Thu Aug 21 19:18:49 UTC 2008
2008/8/21 Toshio Kuratomi <a.badger at gmail.com>:
>
> The Fedora Certificates issued by FAS are currently set to be autogenerated
> if you have an account in FAS. This has one drawback. We have to keep the
> password for the CA keys that sign the FAS certificates in a file on the
> filesystem so that the automatic signing can use them.
>
> Has anyone else had to confront this problem? Right now I'm thinking of
> coding something that involves human interaction to sign the certs and send
> email notifying people when their cert is ready to download. That's
> certainly doable, but introduces a wait time that isn't in the current
> design. I'd love input on better ways to do this.
What about using a crypto card like Jesse plans on using for Sigul?
Jeff
More information about the infrastructure
mailing list