Teddy Hogeborn <[EMAIL PROTECTED]> writes:

> Hi there; I just wanted all you GnuTLS folks to know about our project
> Mandos' slightly unusual use of GnuTLS.
>
> The goal of the Mandos system is to enable server computers to have an
> encrypted root file system and still be able to reboot automatically
> without anyone having to be there and type in a password.
>
> What happens is that we run a small Mandos client program at boot time
> in the initial RAM disk environment (initrd), before even networking
> is configured, using IPv6 link-local addresses.
>
> The Mandos client connects to the Mandos server. The Mandos clients
> each have an OpenPGP key, which they use to handshake as TLS *servers*
> to the Mandos server, which in turn handshakes as a TLS *client*. The
> Mandos server does not have a key, but computes the fingerprint of the
> OpenPGP key received from the Mandos client and looks up that
> fingerprint in an internal list, and, if the fingerprint is found,
> sends the corresponding binary blob to the client.
>
> (This binary blob is an OpenPGP-encrypted password necessary to unlock
> the client's root file system, but this is no longer GnuTLS-related.)
Cool!

I'm not sure you have to do the handshake backwards, couldn't just the
Mandos server have an OpenPGP key that the Mandos client doesn't need to
validate?

One additional idea I get is to add some mechanism in the Mandos server
to require authorization before sending the blob. I.e., the
administrator is sent a jabber/e-mail/whatever ping that some machine
needs to reboot, and then she needs to go to a web page and authorize
the operation. Otherwise, the machine cannot boot. This might introduce
network timeouts, but if the Mandos client is robust about that there
shouldn't be a problem.

This would protect against someone stealing a server without keeping it
powered. You'll have a problem if someone also gets control of the
Mandos server though...

Maybe one could extend the scheme, so that N out of M machines have to
participate in reconstructing the blob before any single machine can
boot. Just getting control of <N of the M machines should not reveal
any information.

Whether this aspect is useful depends on your threat model. Maybe your
model is different from what I assumed...

> Oh yes, the project's home page: http://www.fukt.bsnet.se/mandos

Thanks, added to <http://www.gnu.org/software/gnutls/programs.html>.

/Simon

_______________________________________________
Help-gnutls mailing list
Help-gnutls@gnu.org
http://lists.gnu.org/mailman/listinfo/help-gnutls
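The N-out-of-M idea from the reply above, as an added illustration that is not part of this thread or of the Mandos code: Shamir secret sharing over a prime field splits the password blob into M shares so that any N of them reconstruct it, while fewer than N are statistically independent of the blob. The function names, the 521-bit field and the sample blob are constructed for this example.

```python
# Shamir secret sharing: split a blob into M shares, any N reconstruct it.
# Added example; field, chunking and names are assumptions, not Mandos code.
import secrets

PRIME = 2**521 - 1  # Mersenne prime; one 64-byte chunk plus sentinel fits below it
CHUNK = 64


def split_secret(secret: int, n: int, m: int):
    """Return m points (x, y) on a random degree n-1 polynomial with f(0)=secret."""
    if not (0 <= secret < PRIME and 1 <= n <= m):
        raise ValueError("bad secret or threshold")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(n - 1)]
    shares = []
    for x in range(1, m + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def reconstruct(shares):
    """Lagrange interpolation at x=0; needs at least n distinct points to be correct."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def split_blob(blob: bytes, n: int, m: int):
    """Give each of m machines one share per 64-byte chunk of the blob."""
    per_machine = [[] for _ in range(m)]
    for i in range(0, len(blob), CHUNK):
        # 0x01 sentinel preserves leading zero bytes and the chunk length
        value = int.from_bytes(b"\x01" + blob[i:i + CHUNK], "big")
        for idx, share in enumerate(split_secret(value, n, m)):
            per_machine[idx].append(share)
    return per_machine


def reconstruct_blob(machine_shares):
    """Rebuild the blob from the share lists held by any n (or more) machines."""
    out = b""
    for k in range(len(machine_shares[0])):
        value = reconstruct([shares[k] for shares in machine_shares])
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        out += raw[1:]  # drop the sentinel byte
    return out
```

With a threshold of 3 out of 5, any three machines' share lists rebuild the blob and two machines' lists yield an unrelated value.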