securing FAS certs

Toshio Kuratomi a.badger at
Thu Aug 21 20:22:28 UTC 2008

Mike McGrath wrote:
> On Thu, 21 Aug 2008, Ricky Zhou wrote:
>> On 2008-08-21 02:21:34 PM, Mike McGrath wrote:
>>> I've never actually used a crypto card... Do they add additional security
>>> if they're sitting in a colo always plugged in?  If so how do they do
>>> that?
>> I might be wrong, but I think with such a card, encryption/signing takes
>> place entirely on the card, and thus the secret key is never transferred
>> anywhere off the card.
> Ah, so the theory being that if someone happens to hit us, they're only
> hitting us for as long as the machine is up / card is in.  And I assume
> the card actually tracks serial numbers and things so we can revoke
> anything that was signed in a questionable time?
That seems like it would work well.  Jesse's been having troubles 
obtaining the card he wants, though (and his is a gpg card, not for ssl 

the big thing might be having open source drivers.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Fedora-infrastructure-list mailing list