Search found 6 matches

by whoop
2020/12/08 20:00:36
Forum: CentOS Social
Topic: CentOS HAS BEEN CANCELLED !!!
Replies: 14
Views: 2709

Re: CentOS HAS BEEN CANCELLED !!!

Is anybody considering switching to RHEL's free non-production developer subscription? As I understand it, it is free and receives updates.
The only downside as I understand it is that you have to renew your license every year (and that you can't use it in commercial production).
by whoop
2020/10/31 22:32:06
Forum: CentOS Social
Topic: CentOS update gap
Replies: 10
Views: 660

CentOS update gap

Hi, I have noticed there is a significant "update gap" when the maintainers of CentOS are busy working on a new point release. Just to be clear: This is not a compaint, not at all!!! The "update gap" I am talking about is not the time gap between RHEL and CentOS but rather the lack of updates for a ...
by whoop
2020/10/31 22:03:21
Forum: CentOS 8 - Security Support
Topic: nbde over internet
Replies: 6
Views: 395

Re: nbde over internet

Okay, are you planning to mitigate man in the middle? Uhhmm, no? I was under the impression that I did not have to. (I am not planning anything btw, I am just trying to figure stuff out). The decryption key is computed client side using information from the server and the client. So a man in the mi...
by whoop
2020/10/28 17:11:17
Forum: CentOS 8 - Security Support
Topic: nbde over internet
Replies: 6
Views: 395

Re: nbde over internet

Why is it not a good idea to send secrets over a public network? (they are secrets - why else are you encrypting). Yes these things can be automated with some thought. Hhmm, I am confused. I was under the impression that tang does not know anything about the decryption key of the clevis client. So ...
by whoop
2020/10/19 17:21:55
Forum: CentOS 8 - Security Support
Topic: nbde over internet
Replies: 6
Views: 395

Re: nbde over internet

That's what I gathered also. But why? So every time I need to reboot a remote server I need to get on the road or use some dropbear/dracut-ssh/partial encryption scheme to get things going again? There's no automation? I would think that nbde would be ideal in this situation. Stuff can be rebooted a...
by whoop
2020/10/17 13:32:20
Forum: CentOS 8 - Security Support
Topic: nbde over internet
Replies: 6
Views: 395

nbde over internet

In most examples I've seen about nbde it seems to be used to unlock luks machines over a local (secure) network. Communication doesn't need tls because it is stateless. The machine is unlock comparing keys. What encryption is being used when communicating between clevis client and tang server? Is it...

Go to advanced search