Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://chaos.social/users/agowa338/statuses/114636701423831921">Klaus Frank (agowa338@chaos.social)'s status on Thursday, 12-Jun-2025 04:07:41 JST</a><a href="https://chaos.social/@agowa338" title="agowa338@chaos.social"><img src="https://gnusocial.jp/avatar/161170-48-20240513030312.webp" width="48" height="48" alt="Klaus Frank" style="position: absolute; left: 0; top: 0;">Klaus Frank</a><div><a href="https://gnusocial.jp/notice/10172331" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/121283" title="bluca@fosstodon.org">bluca</a></li><li><a href="https://gnusocial.jp/user/252638" title="siosm@floss.social">Timothée Ravier</a></li></ul></div></section><article><p><a href="https://fosstodon.org/@bluca">@bluca</a> <a href="https://mastodon.social/@pid_eins">@pid_eins</a> <a href="https://floss.social/@siosm">@siosm</a> </p><p>You misunderstood. I secure the key by not having it available in a datacenter. Also the Image it signes will only boot on a single computer so the interest of anyone stealing it area also quite slim.</p><p>On ArchLinux every user typically generates their own keys and enrolls these self generated keys within their devices.</p><p>Also one can use a HSM if they want to but because of the limited scope it isn't really required.</p><p>As I said above entirely different use case...</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5185703#notice-10172332">In conversation</a><time datetime="2025-06-12T04:07:41+09:00" title="Thursday, 12-Jun-2025 04:07:41 JST">about 12 days ago</time> <span>from <span><a href="https://chaos.social/@agowa338/114636701423831921" rel="external" title="Sent from chaos.social via ActivityPub">chaos.social</a></span></span><a href="https://chaos.social/@agowa338/114636701423831921">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/1982146">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Klaus Frank (agowa338@chaos.social)'s status on Thursday, 12-Jun-2025 04:07:41 JSTKlaus Frank
in reply to
@bluca @pid_eins @siosm
You misunderstood. I secure the key by not having it available in a datacenter. Also the Image it signes will only boot on a single computer so the interest of anyone stealing it area also quite slim.
On ArchLinux every user typically generates their own keys and enrolls these self generated keys within their devices.
Also one can use a HSM if they want to but because of the limited scope it isn't really required.
As I said above entirely different use case...
In conversationabout 12 days ago from chaos.socialpermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice