Re: Debian two-factor auth, GSoC?

To: debian-devel@lists.debian.org
Subject: Re: Debian two-factor auth, GSoC?
From: Tollef Fog Heen <tfheen@err.no>
Date: Thu, 11 Apr 2013 21:25:02 +0200
Message-id: <[🔎] m2a9p43m5t.fsf@rahvafeir.err.no>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20130411190440.GA32523@emyr.net> (Luca Filipozzi's message of "Thu, 11 Apr 2013 19:04:40 +0000")
References: <[🔎] 5166FCA0.70504@pocock.com.au> <[🔎] 20130411190440.GA32523@emyr.net>

]] Luca Filipozzi 

> I can help with a GSoC but I think DSA would prefer to lean in the direction of
> the above.

I'm also happy to help with it.  I have a bit of experience with the
yubikey tokens, and at least one of the upstreams is on the path to
DDship, so I think we're reasonably well covered there.

> Finally, if we are going to require DDs to have a physical object, I'm more in
> favour of an OpenPGP token than an OTP token.  The OpenPGP token could then
> power gpg (yes, Luca, we get that :) ) and act as an ssh-agent.  Couple that
> with OTP, and we have quite strong overall solution, I think.

The Yubikey neo can run the java applet thingies, it seems, so it can
act as a GPG token too.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Reply to:

Follow-Ups:
- Re: Debian two-factor auth, GSoC?
  - From: Paul Tagliamonte <paultag@debian.org>
- Re: Debian two-factor auth, GSoC?
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: Debian two-factor auth, GSoC?
  - From: Thomas Goirand <zigo@debian.org>

References:
- Debian two-factor auth, GSoC?
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: Debian two-factor auth, GSoC?
  - From: Luca Filipozzi <lfilipoz@debian.org>

Prev by Date: Re: Debian two-factor auth, GSoC?
Next by Date: Re: Debian two-factor auth, GSoC?
Previous by thread: Re: Debian two-factor auth, GSoC?
Next by thread: Re: Debian two-factor auth, GSoC?
Index(es):
- Date
- Thread