On Thu, Apr 11, 2013 at 09:25:02PM +0200, Tollef Fog Heen wrote: > ]] Luca Filipozzi > > > I can help with a GSoC but I think DSA would prefer to lean in the direction of > > the above. > > I'm also happy to help with it. I have a bit of experience with the > yubikey tokens, and at least one of the upstreams is on the path to > DDship, so I think we're reasonably well covered there. > > > Finally, if we are going to require DDs to have a physical object, I'm more in > > favour of an OpenPGP token than an OTP token. The OpenPGP token could then > > power gpg (yes, Luca, we get that :) ) and act as an ssh-agent. Couple that > > with OTP, and we have quite strong overall solution, I think. > > The Yubikey neo can run the java applet thingies, it seems, so it can > act as a GPG token too. Completely unrelated to it's GSoC-eyness (which I would love to see, quick, put it on the ideas page and put interested parties as mentors!), I really hate the idea of "loosing" an unencrypted copy of my GPG private half. I misplace everything, I don't need someone finding a copy of my GPG key and abusing it :) -T -- .''`. Paul Tagliamonte <paultag@debian.org> : :' : Proud Debian Developer `. `'` 4096R / 8F04 9AD8 2C92 066C 7352 D28A 7B58 5B30 807C 2A87 `- http://people.debian.org/~paultag
Attachment:
signature.asc
Description: Digital signature