securing FAS certs
mmcgrath at redhat.com
Thu Aug 21 19:40:58 UTC 2008
On Thu, 21 Aug 2008, Ricky Zhou wrote:
> On 2008-08-21 02:21:34 PM, Mike McGrath wrote:
> > I've never actually used a crypto card... Do they add additional security
> > if they're sitting in a colo always plugged in? If so how do they do
> > that?
> I might be wrong, but I think with such a card, encryption/signing takes
> place entirely on the card, and thus the secret key is never transferred
> anywhere off the card.
Ah, so the theory being that if someone happens to hit us, they're only
hitting us for as long as the machine is up / card is in. And I assume
the card actually tracks serial numbers and things so we can revoke
anything that was signed in a questionable time?
More information about the Fedora-infrastructure-list