From: "sirjofri via 9fans" <9fans@9fans.net>
To: 9fans <9fans@9fans.net>
Subject: Re: [9fans] Solo factotum
Date: Tue, 30 Dec 2025 22:37:09 +0100 [thread overview]
Message-ID: <54c7d3ca-7bb4-44f6-8fc6-f8bc51cdd974@sirjofri.de> (raw)
In-Reply-To: <20251230.105643.1185666151293172501.dworkin@weaselfish.com>
30.12.2025 19:22:13 Dworkin Muller <dworkin@weaselfish.com>:
> Alternatively, just set it up as a secret store, like is done with
> terminals. Not quite as elegant/cool, but perhaps more practical.
In general, you're right. However the big difference (and why I think there's a solid use case for a factotum key) is that the machine that runs factotum has to be secure. If you have a terminal with its own factotum program, that's fine. The program is on a trusted machine. However, if your terminal boots off a fs, you have to trust the factotum program on that fs to not steal your keys when executed. If you run factotum in a remote session, you have to trust the server. If you have a single enclosed factotum key and no way for the host to download the secrets directly, then you can use it even on an untrusted machine.
Sure, you still need a way to edit the keys. Maybe a specific mount access using an additional secret for editing or something similar could be invented.
In any case, I think for a fully trusted environment you probably don't need a factotum key. I think the whole factotum and secstore stuff is built around this level of trust (you trust the grid). If you consider a public grid with multiple users and people who sign in as guests, I'd prefer to not have my secrets uploaded into the memory of a machine that I can't control myself, if possible. And people do set up grids like that. That's why I welcome experiments into that direction. Not to replace the current status quo, but to extend it in a compatible way for different use cases.
sirjofri
------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Ta60752663ff08448-Mce4dd48da0c413713a2dbd66
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
next prev parent reply other threads:[~2025-12-30 22:27 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-29 10:57 [9fans] Solo factotum (was: Enterable namespaces: /proc/pid/$ns/srv) David Arroyo
2025-12-29 14:40 ` sirjofri via 9fans
2025-12-30 6:28 ` David Arroyo
2025-12-30 17:56 ` [9fans] Solo factotum Dworkin Muller
2025-12-30 21:37 ` sirjofri via 9fans [this message]
2025-12-30 23:29 ` ori
2025-12-31 4:24 ` Steve Simon
2025-12-31 5:21 ` David Arroyo
2025-12-31 17:31 ` ori
2025-12-31 21:47 ` Steve Simon
2025-12-31 9:40 ` sirjofri via 9fans
2025-12-31 16:26 ` ori
2025-12-31 8:51 ` Skip Tavakkolian
2025-12-29 15:32 ` [9fans] Solo factotum (was: Enterable namespaces: /proc/pid/$ns/srv) Shawn Rutledge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54c7d3ca-7bb4-44f6-8fc6-f8bc51cdd974@sirjofri.de \
--to=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).