On 8/3/11 1:02 PM, Stephen Gallagher wrote:
> So I guess what I'm saying is not "Don't use centrally managed key storage", but rather "If you use the key anywhere but in this administrative domain, do not put it in centrally-managed storage that anyone but you can ever gain access to it".
Yes, I appreciate the distinction you raise. Regarding your last comment quoted above, to the best of my knowledge that is impossible. I regularly have discussions with people saying "an administrator could always do X,Y and Z to access your supposedly private data" -- if there are ways in which I could be wrong about that, I'd love to know them. Otherwise I believe that the key risks from a centralized keystore are:
* ease of compromise by an unscrupulous administrator
* extent of compromise if attacker gains administrative privs to central keystore (although it sounds like the RH DRM system could significantly reduce that)
* risk of compromise due to security vulnerabilities in central keystore software
I think the general consensus is that you are always exposed to some degree of risk, and it is necessary to evaluate the risks versus the benefits. There are some lovely lakes in northern Maine where you can probably use your laptop without too much risk of compromised privacy, or closer to home, I'm sure most of us can remember a day when we got lots of useful work done on a computer with no network connection and were excited when we got one new piece of software every few months.
In my risk/benefit world, a centralized keystore would be really useful.
And for the record, if any one of the computers I use is compromised with a keyboard scanner or theft of my private ssh or X.509 keys, then I'm in a whole world of pain, and not a small amount of inconvenience (and risk of malicious attacks) to the various systems I regularly access. Best I can tell, that isn't too different from most people in my situation, and short of that nice cabin in Maine, is simply the reality (risk) of the kind of work I do, and the people I do it for.
--
Ian Stokes-Rees, PhD
Research Associate, Sliz Lab
Harvard Medical School, Biological Chemistry and Molecular Pharmacology