Re: [Health-dev] Build encyption example into live-CD?
From: Axel Braun
Subject: Re: [Health-dev] Build encyption example into live-CD?
Date: Thu, 4 Dec 2014 11:40:27 +0100
Hello Emilien,
thanks for your reply, and sorry for my late answer.
> Sent: Monday, 24 November 2014 at 12:24
> From: "Emilien Klein" <address@hidden>
> To: address@hidden
> Subject: Re: [Health-dev] Build encyption example into live-CD?
[...]
> > But back to the original question....obstacles against a demo-key?
>
> Shipping crypto keys, in particular if private keys is involved, isn't
> good practice.
[...]
> For GNU Health's live CD, if possible the keys should be generated on
> the fly the first time it is run.
>
> Would something like this be possible?
> A script is set up to run when the system starts up (using @reboot in
> cron), which will check if the keys exist.
> If keys do not exist, the key generation command is launched.
> If keys exist, do nothing.
That should be possible, although the GnuPG batch mode creation of keys is
flagged as 'experimental'. But that's a different story.
> This will have a very minimal performance impact starting with the
> second boot sequence, and ensures everyone has unique keys.
This 'advantage' is as well a disadvantage if the user runs the Live-CD from a
writeable medium (USB-stick, VM-instance), as he would always get a new key,
and no good live example / demo can be created for this reason. (Target
audience was the less experienced user!)
> Reason why shipping keys wouldn't be a good idea:
> Even if this only a demo system, you can be assured that at least
> someone, somewhere, maybe with limited sysadmin skills or knowledge of
> encryption, will test the demo live-CD, be so enthused by it that it
> will use that as the basis for their production system.
> As in "Hey, what the heck, if it works nicely out of the box, and I've
> read that this "Linux" thing is secure, since I don't know much about
> it I'll just run the Live CD that is officially published. It has to
> be secure, right?".
>
> And then when patient information is stolen from their PRD system, the
> only thing we'll be able to help with is send reproaches: "you
> shouldn't have done that, haven't you followed all the instructions on
> the wiki?" (once it's updated ;) ) That's not very helpful to our
> users, and even less to their patients who have their private medical
> information floating around.
>
> Better be safe than sorry. If it's difficult for us, but easy for
> them, we should take the extra step and have the keys be generated on
> the fly instead of shipping the same keys to everybody.
>
> Let me know if you think this doesn't make sense.
Indeed, especially the risk of using a Live-VM-instance as production system is a
valid scenario.
Considering this, I feel it is better to have everything packed in the Live-CD
and a good explanation of how to create a pair of keys and use it with GNUHealth,
rather than shipping a working example. And a set of keys.
Thanks for all your discussion input
Axel
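The first-boot "check, then generate" script Emilien sketches above, written out as an added example; it is not GNU Health's or the list's own code. GNUPGHOME, the key identity, the script path and the parameter values are assumptions, and it relies on GnuPG's unattended key generation (the batch mode Axel mentions).

```bash
#!/bin/sh
# Hypothetical first-boot key provisioning for a live image (added example).
# Install as a cron line, e.g.: @reboot /usr/local/sbin/gnuhealth-firstboot-keys run
# Assumed: GnuPG 2.x on PATH. Paths and identity below are placeholders.

GNUPGHOME="${GNUPGHOME:-/var/lib/gnuhealth/.gnupg}"
KEY_UID="${KEY_UID:-demo@example.invalid}"

# Returns 0 if a secret key for KEY_UID is already in the keyring, 1 otherwise.
key_exists() {
    gpg --homedir "$GNUPGHOME" --batch --with-colons \
        --list-secret-keys "$KEY_UID" 2>/dev/null | grep -q '^sec:'
}

# Parameter block for `gpg --batch --gen-key`, read from stdin.
# %no-protection: nobody is at the console at @reboot, so no passphrase can be
# entered; the key never leaves this machine, unlike a key shipped on the CD.
gen_params() {
    cat <<EOF
%no-protection
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: GNU Health demo
Name-Email: $KEY_UID
Expire-Date: 1y
%commit
EOF
}

# Generate a key pair only when none exists, so boot 2 onwards does nothing.
ensure_keys() {
    if key_exists; then
        echo "keys exist, nothing to do"
        return 0
    fi
    umask 077                        # keyring directory readable by owner only
    mkdir -p "$GNUPGHOME"
    gen_params | gpg --homedir "$GNUPGHOME" --batch --gen-key
}

case "${1:-}" in
    run) ensure_keys ;;
esac
```

On a medium with persistent storage the keyring survives reboots and the script becomes a no-op; on a read-only medium the keyring is lost with the session, which is the trade-off Axel describes.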