[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: cgd and remote keys
I'm thinking we might want to take a step back and look at a general
key storage and distribution mechanism for these types of things
>From the looks of the thread, and the various solutions presented, it
sounds like we are 80% of the way there.
That said, if a solution moved along that was specific to this
particular problem merely took into account potential reuse in a
larger scheme, I think we would be ahead.
On 1/2/08, Alan Barrett <apb%cequrux.com@localhost> wrote:
> On Mon, 31 Dec 2007, Curt Sampson wrote:
> > [encrypted disk on machine with inaccessible console]
> > Is there an existing protocol we might use that would be as simple as
> > a simple TCP connection? (HTTP comes to mind.)
> Under FreeBSD with the "geli" disk encryption scheme, I once
> embedded an HTTPS server in the code that prompts for a password.
> The password prompt appears on the console as usual, and a web
> server starts listening on a configurable port; whichever gets a
> password first wins. I used a modified verion of shttpd as the
> embedded web server. shttpd is not in pkgsrc, but is available from
> <http://shttpd.sourceforge.net/>. My code is not ready for public
> consumption, but I could get it ready if there's interest.
> > Would anybody object to me writing and committing this, along with
> > committing a simple server to pkgsrc?
> I have no objection to your idea, but I prefer the HTTPS idea.
> --apb (Alan Barrett)
"Too bad $VOLUNTEERS don't get their act together and provide
$SOLUTION_TO_VERY_DIFFICULT_PROBLEM in a decent fashion" -- from IRC,
Main Index |
Thread Index |