<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
On 8/3/11 1:02 PM, Stephen Gallagher wrote:
<blockquote
cite="mid:1312390943.2125.17.camel@sgallagh520.bos.redhat.com"
type="cite">
So I guess what I'm saying is not "Don't use centrally managed key
storage", but rather "If you use the key anywhere but in this
administrative domain, do not put it in centrally-managed storage
that anyone but you can ever gain access to it".
</blockquote>
<br>
Yes, I appreciate the distinction you raise. Regarding your last
comment quoted above, to the best of my knowledge that is
impossible. I regularly have discussions with people saying "an
administrator could always do X,Y and Z to access your supposedly
private data" -- if there are ways in which I could be wrong about
that, I'd love to know them. Otherwise I believe that the key risks
from a centralized keystore are:<br>
<br>
* ease of compromise by an unscrupulous administrator<br>
* extent of compromise if attacker gains administrative privs to
central keystore (although it sounds like the RH DRM system could
significantly reduce that)<br>
* risk of compromise due to security vulnerabilities in central
keystore software<br>
<br>
I think the general consensus is that you are always exposed to some
degree of risk, and it is necessary to evaluate the risks versus the
benefits. There are some lovely lakes in northern Maine where you
can probably use your laptop without too much risk of compromised
privacy, or closer to home, I'm sure most of us can remember a day
when we got lots of useful work done on a computer with no network
connection and were excited when we got one new piece of software
every few months.<br>
<br>
In my risk/benefit world, a centralized keystore would be really
useful.<br>
<br>
And for the record, if any one of the computers I use is compromised
with a keyboard scanner or theft of my private ssh or X.509 keys,
then I'm in a whole world of pain, and not a small amount of
inconvenience (and risk of malicious attacks) to the various systems
I regularly access. Best I can tell, that isn't too different from
most people in my situation, and short of that nice cabin in Maine,
is simply the reality (risk) of the kind of work I do, and the
people I do it for.<br>
<br>
Ian<br>
</body>
</html>