On Fri, Jul 21, 2017 at 12:42:38PM -0700, Russ Allbery wrote:
>
> Yeah, if you're worried about portable keys, that's when you probably want
> to do something with a system TPM. If you go down that path, I'd probably
> try to figure out some way to do PKINIT using a TLS certificate stored in
> the TPM. I'm not aware of anyone who has already done that work, but it
> would be a pretty interesting project.
Or implement a subset of Kerberos as a smartcard application, so the
key would live in the smart card, and the smartcard would only do
operations if the proper pin/password is submitted --- much like how
the GPG smartcard application works.
For a server, the pin/password for the smartcard would have to be
stored on the disk, or entered by the system administrator each time
the system reboots, so it's not clear how much this would really help
you. The same is true for the system TPM alternative as well of
course, but at least with the smartcard approach, you could easily
remove the smartcard if you wanted to put the server/laptop into a
"safe" mode where the keying materials have been separated from the
system.
It all depends on your specific threat model and what you are trying
to protect against....
- Ted
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
