securing FAS certs

Mike McGrath mmcgrath at
Thu Aug 21 19:40:58 UTC 2008

On Thu, 21 Aug 2008, Ricky Zhou wrote:

> On 2008-08-21 02:21:34 PM, Mike McGrath wrote:
> > I've never actually used a crypto card... Do they add additional security
> > if they're sitting in a colo always plugged in?  If so how do they do
> > that?
> I might be wrong, but I think with such a card, encryption/signing takes
> place entirely on the card, and thus the secret key is never transferred
> anywhere off the card.

Ah, so the theory being that if someone happens to hit us, they're only
hitting us for as long as the machine is up / card is in.  And I assume
the card actually tracks serial numbers and things so we can revoke
anything that was signed in a questionable time?


More information about the Fedora-infrastructure-list mailing list