securing FAS certs

David Lutterkort lutter at redhat.com
Fri Aug 22 20:06:55 UTC 2008


On Thu, 2008-08-21 at 14:18 -0500, Jeffrey Ollie wrote:
> What about using a crypto card like Jesse plans on using for Sigul?

I wonder if a TPM can be (ab)used for this, too; they are pretty common
on newer hardware, and store a key in HW that cannot be extracted.

Not sure though if anybody has looked at using it to sign SSL certs, and
especially at keeping logs of what was signed in a way that makes it
impossible to tamper with those logs, e.g. to hide the signing of some
certs.

David




