Comment 5 for bug 1214016

John Dennis (jdennis-a) wrote : Re: CA key and signing key are not password protected

re comment #4

You are correct on several counts.

Yes, handling key material in unattended systems is tricky. Fixing this bug is not meant to address this issue, which really deserves its own blueprint feature.

Yes, the PBE password and the key material are likely to be treated the same way, hence the feature is dubious from a security viewpoint.

The primary reason to keep the PBE password feature is for externally provided key material which is already encrypted, possibly because the organization's security policy demands it be encrypted. (Of course the security policy should also address how the PBE password is managed, but we can't make those decisions on behalf of an organization.)

Right now the primary issue is the feature is broken because it's not consistently applied. So we either remove the feature, or fix it so it's functional in all code paths.

I suspect you would vote for removing the feature because of its dubious advantage. I would tend to agree if it weren't for the fact that organizational security policies, even if misguided, usually must be observed. If a piece of software can't comply with the policy then often deploying the software is forbidden. Policy compliance is the only reason to keep the feature I can think of.