[Freeipa-devel] GSS-Proxy <-> TPM <-> PKCS#11 (silly idea)

Petr Spacek pspacek at redhat.com
Tue Mar 4 16:40:57 UTC 2014


On 4.3.2014 17:25, Dmitri Pal wrote:
> On 03/04/2014 11:08 AM, Petr Spacek wrote:
>> On 16.2.2014 13:22, Simo Sorce wrote:
>>> On Fri, 2014-02-14 at 14:51 +0100, Petr Spacek wrote:
>>>> Hello,
>>>>
>>>> I have got a silly idea to use TPM (Trusted Platform Module) as a backend for
>>>> Keytab storage (via GSS-Proxy).
>>>>
>>>> GSS-Proxy prevents application from accessing key material, right? So
>>>> GSS-Proxy could theoretically store keys in TPM and application wouldn't
>>>> notice any difference, right?
>>>>
>>>> We have libraries for that in Fedora already:
>>>> https://admin.fedoraproject.org/pkgdb/acls/name/trousers
>>>>
>>>>
>>>> Even sillier idea is to use TPM as a PKCS#11 module:
>>>> http://trousers.sourceforge.net/pkcs11.html
>>>>
>>>> I have no idea what the use case could be ... :-) Maybe as a "cache" for
>>>> PKCS#11 module in SSSD?
>>>>
>>>>
>>>> As I said, it is just a silly idea.
>>>>
>>>
>>> Open a ticket in the GSS-Proxy trac :)
>>
>> Is it a good topic for a bachelor's/master's thesis? We are going to send a
>> list of topics for next year so we have a chance to add it.
>>
>> We are not going to touch this any time soon so it sounds like a good idea
>> to me.
>>
> I am not sure. Sounds like a lot of work with questionable results...

I thought that it is the purpose of a thesis? :-)

Now seriously: We are not doing "research with questionable results" because 
we don't have time for it - I perfectly understand that.

That is the reason why I'm proposing such crazy ideas for theses.

-- 
Petr^2 Spacek



