author Thomas Schwinge <tschwinge@gnu.org> 2007-08-12 22:14:29 +0200
committer Thomas Schwinge <tschwinge@gnu.org> 2007-08-12 22:14:29 +0200
commit 80af51ad8c2b60abd1295f7209c2a8099211c899
tree 7f27aa87cc29f330d01927e62d401db42ef231bd /Hurd/UseCasePrivateKeys.mdwn
parent ae128d097693da524c4a35d42fdc39b8d8b557dd
Move the NextHurd files to where they belong.
Diffstat (limited to 'Hurd/UseCasePrivateKeys.mdwn')
-rw-r--r-- Hurd/UseCasePrivateKeys.mdwn 13
1 files changed, 0 insertions, 13 deletions
diff --git a/Hurd/UseCasePrivateKeys.mdwn b/Hurd/UseCasePrivateKeys.mdwn
deleted file mode 100644
index 612a8f25..00000000
--- a/Hurd/UseCasePrivateKeys.mdwn
+++ /dev/null
@@ -1,13 +0,0 @@
-_Private Keys_ as used by SSH servers, clients and generally by any cryptographic software need to be stored and manipulated securely. These may get replaced with smartcards soon, but in the mean time it appears to be an interesting use case.
-
-All Unix systems that I am aware of do not allow secrets to be protected in a manner that I would feel is appropiate. A users compromised web browser could either read your private key file or talk to the very popular ssh-agent program and get your secrets out (not sure how popular distributions are configured, but it can be done).
-
-The requirements so far are:
-
-* The secrets should not be available to general programs
-* The ability to use secrets for their intended purpose (signing/encryption/decryption/ssl streams)
-* Programs using decrypted data should be, by default, confined so that the data can't escape
-* Must be able to backupand restore secrets securely
-* Upgrading the agent software must be possible! using the backup/restore mechanism?
-
--- [[Main/SamMason]] - 11 Jan 2007
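Review bot: The commit message describes a move, but for this path the diff is a pure deletion (deleted file mode, 13 lines removed, 0 insertions), and nothing in this view shows where the page went; naming the destination path in the commit message would let a reader follow the page's history across the move. If the text is carried over unchanged, the new copy is a good place to fix "appropiate", "backupand" and "A users compromised web browser", and to resolve the last bullet, "Upgrading the agent software must be possible! using the backup/restore mechanism?", which reads as an open question rather than a requirement.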