Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate OfflineMasterKey with a Qubes offlineVM #63

Open
nusenu opened this issue Mar 6, 2016 · 2 comments
Open

Integrate OfflineMasterKey with a Qubes offlineVM #63

nusenu opened this issue Mar 6, 2016 · 2 comments
Labels
enhancement

Comments

@nusenu
Copy link
Owner

nusenu commented Mar 6, 2016

The idea is to have a minimal qrexec service that allows the VM running ansible to ask an offlineVM storing Ed25519 master keys for new signing keys.
The offlineVM will generate new Ed25519 signing keys and push them to the ansibleVM.

If the VM running ansible gets compromised, the attacker does not get the Ed25519 master keys (but he can ask for new signing keys).
The key lifetime is configured in the offlineVM and not specified by the ansibleVM.

This involves some initial manual steps when deploying a new relay and does not protect the RSA key (which is on the relay anyway).
@nusenu
Copy link
Owner Author

nusenu commented Apr 22, 2016

This will start to make (more) sense once tor no longer requires (online) RSA keys.

@nusenu
Copy link
Owner Author

nusenu commented Nov 5, 2016

An example why this feature is worthwhile to implement:
Ansible security vulnerability allowing target servers to inject commands on the ansible controller host (CVE-2016-8628).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nusenu