securing FAS certs

Stephen John Smoogen smooge at gmail.com
Tue Aug 26 17:49:22 UTC 2008


2008/8/21 Toshio Kuratomi <a.badger at gmail.com>:
> Hey bright idea bringers!
>
> The Fedora Certificates issued by FAS are currently set to be autogenerated
> if you have an account in FAS.  This has one drawback.  We have to keep the
> password for the CA keys that sign the FAS certificates in a file on the
> filesystem so that the automatic signing can use them.
>
> Has anyone else had to confront this problem?  Right now I'm thinking of
> coding something that involves human interaction to sign the certs and send
> email notifying people when their cert is ready to download. That's
> certainly doable, but introduces a wait time that isn't in the current
> design.  I'd love input on better ways to do this.
>

It depends on the level of security we are wanting. The most secure
places I have been at always make sure there is a human in the loop,
and that human's events are regularly and randomly audited. Even
having hardware tokens to generate things (we had a device that was
hooked in via a serial port so it did not need a kernel driver) for a
high level of CIA you may want a set of humans looking at it. However
it puts in a delay. We would put a 24 hour delay in getting/creating
certs for people which meant we had time to confirm that the person
really was supposed to get it, etc.

If the delay and the fact that we aren't doing background checks on
applicants, we probably want to do a multi-tier level of creating
tokens. One set would be ones that people need to be vetted somehow
and have more keys to the kingdom. The other set would be for people
doing common work flow at the project.

I wonder if we can come up with some serial port key generator. I
think the design was a locked box where you keyed in the master
number via itsy-bitty dipswitches.



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"



