[Freeipa-devel] Password Vault Implementation

[Simo Sorce]

On Tue, 2014-07-15 at 09:13 -0500, Endi Sukma Dewata wrote:
> Hi,
> 
> I've been working on the implementation details of password vault:
> http://www.freeipa.org/page/V4/Password_Vault_Implementation
> 
> There are some issues (i.e. vault password and vault key) that aren't 
> specifically defined in the design, so we need to make some decisions.
> 
> Please let me know if you have any comments or questions. Thanks!

I am reading this document and there are some things I need to ask
clarification for:

* In "Vault password and secret key" you describe a mechanism where you
store a hash of the password used to generate the secret key, why ?
What's the purpose ?

* Why shared vaults need to be in a /shared/ namespace ?
Can't a user create a vault and then share it with other users ?
Ie should the fact a vault is shared just a property that can be changed
at any time ? If not, why not ?

* In "Listing secrets in a vault " it seem that the metadata about
various secrets is obtainable in the clear, is that so ?
I am not sure it is a good idea to give blatant hints about what is
being encrypted in the vault.

* In "Modifying a secret" you use "ipa vault-secret-del" but you mean
-mod I guess.

* Why services are in the /shared/ namespace ?

* The paragraph "Changing service vault password" confuses me, is it
correct ?

I have not fully internalized all there is there, but most of it looks
quite good.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York