tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: cgd and remote keys

I'm thinking we might want to take a step back and look at a general
key storage and distribution mechanism for these types of things
within NetBSD.

>From the looks of the thread, and the various solutions presented, it
sounds like we are 80% of the way there.

That said, if a solution moved along that was specific to this
particular problem merely took into account potential reuse in a
larger scheme, I think we would be ahead.


On 1/2/08, Alan Barrett <> wrote:
> On Mon, 31 Dec 2007, Curt Sampson wrote:
> > [encrypted disk on machine with inaccessible console]
> > Is there an existing protocol we might use that would be as simple as
> > a simple TCP connection? (HTTP comes to mind.)
> Under FreeBSD with the "geli" disk encryption scheme, I once
> embedded an HTTPS server in the code that prompts for a password.
> The password prompt appears on the console as usual, and a web
> server starts listening on a configurable port; whichever gets a
> password first wins.  I used a modified verion of shttpd as the
> embedded web server.  shttpd is not in pkgsrc, but is available from
> <>.  My code is not ready for public
> consumption, but I could get it ready if there's interest.
> > Would anybody object to me writing and committing this, along with
> > committing a simple server to pkgsrc?
> I have no objection to your idea, but I prefer the HTTPS idea.
> --apb (Alan Barrett)

"Too bad $VOLUNTEERS don't get their act together and provide
$SOLUTION_TO_VERY_DIFFICULT_PROBLEM in a decent fashion"  -- from IRC,
#netbsd, EFNet

Home | Main Index | Thread Index | Old Index