tech-security archive


Re: cgd and remote keys



I'm thinking we might want to take a step back and look at a general
key storage and distribution mechanism for these types of things
within NetBSD.

From the looks of the thread, and the various solutions presented, it
sounds like we are 80% of the way there.

That said, if a solution moved along that was specific to this
particular problem merely took into account potential reuse in a
larger scheme, I think we would be ahead.

-=erik.


On 1/2/08, Alan Barrett <apb%cequrux.com@localhost> wrote:
> On Mon, 31 Dec 2007, Curt Sampson wrote:
> > [encrypted disk on machine with inaccessible console]
> > Is there an existing protocol we might use that would be as simple as
> > a simple TCP connection? (HTTP comes to mind.)
>
> Under FreeBSD with the "geli" disk encryption scheme, I once
> embedded an HTTPS server in the code that prompts for a password.
> The password prompt appears on the console as usual, and a web
> server starts listening on a configurable port; whichever gets a
> password first wins.  I used a modified version of shttpd as the
> embedded web server.  shttpd is not in pkgsrc, but is available from
> <http://shttpd.sourceforge.net/>.  My code is not ready for public
> consumption, but I could get it ready if there's interest.
>
> > Would anybody object to me writing and committing this, along with
> > committing a simple server to pkgsrc?
>
> I have no objection to your idea, but I prefer the HTTPS idea.
>
> --apb (Alan Barrett)
>


-- 
"Too bad $VOLUNTEERS don't get their act together and provide
$SOLUTION_TO_VERY_DIFFICULT_PROBLEM in a decent fashion"  -- from IRC,
#netbsd, EFNet


