[arch-devops] security at archlinux.org address

[Giancarlo Razzolini]

Em fevereiro 11, 2019 18:35 Jelle van der Waa escreveu:
> Options:
> 
> * Cheapest Hetzner server 34 euro / month and 40 euro setup fees.
> * Hetzner auction server ~ 25 / month and no setup fees.
> * Different dedicated server hoster which allows custom usb devices.
>

I completely agree this must be on a completely separate server, with as few
services on it as possible. So, I'm fine with either options here.

> 
> Downsides:
> 
> * Nitrokey is out of our control, but we trust Hetzner already (ie. they
>   could easily hook up a malicious USB/BMC device already and gain root
>   privileges).

Agreed.

> * Server dies, the Nitrokey has to be moved to the new server.
>

This is a risk factor, but then again we have to trust hetzner.

> Questions:
> 
> * How to update the key, handle key expiration?

I'm not sure about the specifics of nitrokey, but if it can be updated remotely,
that's fine.

> * Do we backup the key? Let someone have a separate nitrokey?  
>

I think that we should have a backup key with someone else other than the person
that is acquiring the installed key. The whole process should be done independently
and these two should meet and make sure that they have identical keys.

> Setup:
> * Levente (anthraxx) volunteered to aquire, setup key (+revocation) and
>   get it to Hetzner.
>

This is something I was going to mention, to avoid issues with interdiction.
So, I assume that Levente is going to physically buy and deliver the key to the hetzner
datacenter. I would go even further, and ask them if it's possible to follow the physical
install procedure.

Regards,
Giancarlo Razzolini
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 870 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-devops/attachments/20190211/ccaac77f/attachment-0001.sig>