Re: xdg-basedir for secrets
On Friday, June 07, 2019 03:49:45 PM Jonas DOREL wrote: > To me, secrets are fundamentally different from data (even confidential > data) because they serve as a mean to authenticate you or authorize your > utilisation of some services. +1 > I guess the question is: should there be a dedicated folder for secrets > or should they just be in XDG_DATA_HOME and manage differently by the > applications (through your configuration) ? From the peanut gallery, I think it should be somewhere other than XDG_DATA_HOME (and ...CONFIG), but probably not refer to it as ...SECRETS. ___ xdg mailing list xdg@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/xdg
Re: xdg-basedir for secrets
To me, secrets are fundamentally different from data (even confidential data) because they serve as a mean to authenticate you or authorize your utilisation of some services. I guess the question is: should there be a dedicated folder for secrets or should they just be in XDG_DATA_HOME and manage differently by the applications (through your configuration) ? Jonas DOREL 6/7/19 5:57 PM, Simon McVittie wrote: > On Fri, 07 Jun 2019 at 15:19:25 +0200, Bardot Jérôme wrote: >> Le 06/06/2019 à 23:15, Jonas DOREL a écrit : >>> Currently, most secrets (SSH Keys, GPG Keys, OAuth token) seems to be >>> located in XDG_CONFIG_HOME. >> And they should not, secrets are data not config. (for me) > For what it's worth, gnome-keyring's maintainers seem to agree (it uses > XDG_DATA_HOME/keyrings). > >> For me as far as possible all /home data should have an as strict as >> possible policy. > Strict permissions are best-practice for all the XDG basedirs. The > basedir spec says that applications writing to the basedirs should create > XDG_CONFIG_HOME, XDG_DATA_HOME or XDG_CACHE_HOME with 0700 (rwx--) > permissions if they don't already exist. > >> if i do it for my emails, or my calendars, or my bookmark we need a >> strict policy behaviours. > Yes, emails, calendars and bookmarks are examples of things that tend > to contain private or sensitive information, and should not be readable > by other users unless the owner has specifically configured that. > In some cases these (especially emails) will contain passwords and > other secrets. > > If 0700 permissions and whatever encryption-at-rest your OS/machine might > have are not considered to be sufficient protection for a particular > secret (for example a GPG or SSH key), then I would recommend using a > USB cryptographic token (Nitrokey, Yubikey or similar) and not storing > it on disk at all. > > smcv ___ xdg mailing list xdg@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/xdg
Re: xdg-basedir for secrets
On Fri, 07 Jun 2019 at 15:19:25 +0200, Bardot Jérôme wrote: > Le 06/06/2019 à 23:15, Jonas DOREL a écrit : > > Currently, most secrets (SSH Keys, GPG Keys, OAuth token) seems to be > > located in XDG_CONFIG_HOME. > And they should not, secrets are data not config. (for me) For what it's worth, gnome-keyring's maintainers seem to agree (it uses XDG_DATA_HOME/keyrings). > For me as far as possible all /home data should have an as strict as > possible policy. Strict permissions are best-practice for all the XDG basedirs. The basedir spec says that applications writing to the basedirs should create XDG_CONFIG_HOME, XDG_DATA_HOME or XDG_CACHE_HOME with 0700 (rwx--) permissions if they don't already exist. > if i do it for my emails, or my calendars, or my bookmark we need a > strict policy behaviours. Yes, emails, calendars and bookmarks are examples of things that tend to contain private or sensitive information, and should not be readable by other users unless the owner has specifically configured that. In some cases these (especially emails) will contain passwords and other secrets. If 0700 permissions and whatever encryption-at-rest your OS/machine might have are not considered to be sufficient protection for a particular secret (for example a GPG or SSH key), then I would recommend using a USB cryptographic token (Nitrokey, Yubikey or similar) and not storing it on disk at all. smcv ___ xdg mailing list xdg@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/xdg
Re: xdg-basedir for secrets
Le 06/06/2019 à 23:15, Jonas DOREL a écrit : > Hi, > hi > Currently, most secrets (SSH Keys, GPG Keys, OAuth token) seems to be > located in XDG_CONFIG_HOME. And they should not, secrets are data not config. (for me) > > However I think one of the interests of the XDG basedir specification is > to facilitate the management of those different files (backup, > publication, mount, ...) because of the different policies applying to > those files. For me as far as possible all /home data should have an as strict as possible policy. > > But it don't think secrets should be handled the same way as > configuration. What do you think about adding XDG_KEYS_HOME (maybe > .secrets or .local/secrets) and XDG_KEYS_DIR ? If we start to manage things by there purpose (and we should (my point of view)) some others concern will be. if i do it for my emails, or my calendars, or my bookmark we need a strict policy behaviours. Which program can access at what. And what about the storage (xml/txt/maildir/vbox etc). For me storage should be program agnostic. (the same data should be use by the user prefered software) but my last email about that not look really welcome. I m not part of anything so it’s maybe for that but i’m glad to see I m not alone with this kind of ideas. > > Jonas DOREL > jerome sry for my bad english > ___ > xdg mailing list > xdg@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/xdg 0x053A41EF03878A98.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ xdg mailing list xdg@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/xdg