summaryrefslogtreecommitdiff
path: root/Hurd
diff options
context:
space:
mode:
authorSam Mason <sam@samason.me.uk>2007-01-11 00:49:56 +0000
committerSam Mason <sam@samason.me.uk>2007-01-11 00:49:56 +0000
commited745cc59e6909ef8f72dab083ba1412369370c6 (patch)
treeada46b0f81651730e00c7c33280ccc5070803d85 /Hurd
parent933495391b5c6e5b8d983cf26f693a56b1c69222 (diff)
none
Diffstat (limited to 'Hurd')
-rw-r--r--Hurd/UseCasePrivateKeys.mdwn13
1 files changed, 13 insertions, 0 deletions
diff --git a/Hurd/UseCasePrivateKeys.mdwn b/Hurd/UseCasePrivateKeys.mdwn
new file mode 100644
index 00000000..612a8f25
--- /dev/null
+++ b/Hurd/UseCasePrivateKeys.mdwn
@@ -0,0 +1,13 @@
+_Private Keys_ as used by SSH servers, clients and generally by any cryptographic software need to be stored and manipulated securely. These may get replaced with smartcards soon, but in the mean time it appears to be an interesting use case.
+
+All Unix systems that I am aware of do not allow secrets to be protected in a manner that I would feel is appropiate. A users compromised web browser could either read your private key file or talk to the very popular ssh-agent program and get your secrets out (not sure how popular distributions are configured, but it can be done).
+
+The requirements so far are:
+
+* The secrets should not be available to general programs
+* The ability to use secrets for their intended purpose (signing/encryption/decryption/ssl streams)
+* Programs using decrypted data should be, by default, confined so that the data can't escape
+* Must be able to backupand restore secrets securely
+* Upgrading the agent software must be possible! using the backup/restore mechanism?
+
+-- [[Main/SamMason]] - 11 Jan 2007