[Freeipa-users] Use of FreeIPA or FreeIPA LDAP server to hold private keys

Adam Young ayoung at redhat.com
Thu Aug 4 14:50:45 UTC 2011


> DRM is the way to go. However, it does not support symmetric keys now. 
> This is the part that we need for volume keys. Maybe it is the vault 
> to store all sorts of keys. This is something that needs to be 
> designed and looked at from a broader perspective.
> Adam likes to repeat a phrase about dreaming big, so I do. I want IPA to 
> be a vault for all sorts of keys and passwords and what else. If DRM 
> is the answer - great.
> I can start listing the use cases that such a key store should satisfy 
> and we can design something that would ultimately fit the build but 
> build gradually, knocking off use cases one by one.
> I will take an action item to come up with the use cases. Give me a couple of 
> weeks as I am under water now...


Specifically: the phrase is "Dream big, implement small."


There are four things here, I'd guess, that should play into the design.


1.  User certificates in IPA.  Discussed already, and probably the 
first thing to implement on the IPA side.
2.  DRM/KRA talking to an external CA.  Not sure if this makes sense, 
has been discussed, etc.
3.  DRM/KRA integration into IPA.  Regardless of 2, we should talk 
through the use cases for integration.
4.  DRM/KRA support for symmetric keys, etc.
