Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Managing Code Signing Digital IDs for Open Source?

from [Saqib Ali] Network Security [Permanent Link]
Subject: Managing Code Signing Digital IDs for Open Source?
Date: Fri, 13 May 2005 08:25:32 -0400 
What are the best practices for managing Code Signing Digital IDs +
Private Keys for
Open Source projects, where the developers are dispersed throughout
the globe? For our project there is NO central office, where we can
secure the private key for the Code Signing Digital ID. Who should
have the possession of the private key? Multiple people, or just the
project manager?

What Key Escrow (recovery) techniques can be used, in case the private
key holder is not available? I am fimiliar with shared secret concept. What I
am looking for is specific examples of technological solutions that we
can buy, to provide key escrow. Key escrow services provided by
Verisign are too expensive for us.

Who should be allowed to digitally sign the build? Currently one
person handles the signing responsibility, but I think that is surely
a single point of failure. Any thoughts/ideas?

Thanks,
-- 
In Peace,
Saqib Ali
http://validate.sf.net
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Managing Code Signing Digital IDs for Open Source?, Saqib Ali <=
Previous by Date:  RE: Info Classification Software and Process, Christine Tutty
Next by Date:  VPN Linksys BEFVP41-Symantec SGS360R - how setup?, Adam Macholl
Previous by Thread:  Info Classification Software and Process, Renato Ferro
Next by Thread:  VPN Linksys BEFVP41-Symantec SGS360R - how setup?, Adam Macholl
Indexes:  [Date] [Thread] [Top] [All Lists]