need project review

[Tim Alsop]

Nico,

The point I am trying to make is if you use a stash file you only need
to keep the LATEST master key, but if you use a keytab (as somebody
suggested in an earlier email) you would store the latest, as well as
all previous master keys. Our product stores all master keys in the DB
and encrypts them all with the latest master key, so we have some added
protection of the master keys. As you know, keys in a keytab file are
not encrypted so the keytab could be stolen to obtain the actual master
keys. Yes, the stash file could also be stolen, but at least it would
only contain the later master key, and not all of them.

If somebody is very concerned about master key protection they can chose
not to use any stash file, and they will be prompted for a password
during daemon start-up - the password will be used to derive the latest
master key, and this will be used to get access to older master keys if
needed.

Thanks,
Tim

-----Original Message-----
From: Nicolas Williams [mailto:Nicolas.Williams at sun.com] 
Sent: 07 April 2008 20:42
To: Tim Alsop
Cc: Ken Raeburn; Jeffrey Hutzelman; MIT Kerberos Dev List
Subject: Re: need project review

On Mon, Apr 07, 2008 at 08:28:10PM +0100, Tim Alsop wrote:
> In addition - if you store old master keys in a keytab they are
> potentially open to attack, so better to store as key material in the
db

No different than when they were in the stash file.

Of course, ideally you could have the KDC implemented so no long term
key material ever leaves a hardware token.  I used to be a fan of that
until I realized that that would mean putting so much of the KDC
implementation in the token that it may not be worthwhile.  Instead
folks should minimize the network footprint of their KDCs and provide
extra physical security for them.

Nico
--