[Cryptography] HSM's
Peter Todd
pete at petertodd.org
Mon Jan 20 13:19:22 EST 2014
On Mon, Jan 20, 2014 at 07:43:19PM +0300, ianG wrote:
> At CAcert I more or less decided I could not trust the HSMs, as
> essentially they were unauditable. I don't see that has changed, and
> what I've heard of other CA practices is that they basically wing it in
> this direction. I guess some Auditors just nod off as soon as they hear
> that an approved (?) HSM is used without even checking the circumstances
> of the procurement and usage.
>
> So we stuck with the "home grown" HSM concept which was to build a
> machine, and lock it down in the secure rack. This has the risk that
> someone can sneak in and steal the root by opening it up. My call was
> that as the CA had covered pretty much all the other risk better, this
> was an acceptable risk. But in the future they should work to reduce
> this one as well.
And this is why we need n-of-m multiple key support in OpenPGP: I don't
really trust your home-grown HSM, or the professional one, but the
chance of both being backdoored is low.
--
'peter'[:-1]@petertodd.org
00000000000000002298c84800822ac5076148e94f5ef4fe20af1c98855fee27
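As an added illustration of the n-of-m idea in Peter's reply (example code written for this page, not from the thread or from any OpenPGP implementation): two independently keyed signers stand in for the home-grown and the commercial HSM, and the verifier accepts a certified object only when at least n distinct trusted keys have signed it. It uses Ed25519 from Go's standard library as a stand-in for OpenPGP signatures; the signer names and the certificate body are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer stands in for one HSM holding its own, independently generated key;
// nothing is shared between signers, so a backdoor in one reveals nothing.
type Signer struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// Trusted is the verifier's configuration: the public keys it accepts, by name.
type Trusted map[string]ed25519.PublicKey

// NewSigner generates a fresh keypair, as each HSM would do internally.
func NewSigner(name string) (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Name: name, Pub: pub, priv: priv}, nil
}

// Sign produces this signer's signature over the object being certified.
func (s *Signer) Sign(obj []byte) []byte { return ed25519.Sign(s.priv, obj) }

// VerifyThreshold accepts obj only when at least n distinct trusted keys have
// valid signatures over it; each key counts once, so one compromised signer
// cannot reach the threshold by contributing several signatures.
func VerifyThreshold(trusted Trusted, sigs map[string][]byte, obj []byte, n int) bool {
	valid := 0
	for name, pub := range trusted {
		if sig, ok := sigs[name]; ok && ed25519.Verify(pub, obj, sig) {
			valid++
		}
	}
	return valid >= n
}

func main() {
	home, _ := NewSigner("home-grown-hsm") // constructed names; errors ignored for the demo
	vendor, _ := NewSigner("vendor-hsm")
	trusted := Trusted{home.Name: home.Pub, vendor.Name: vendor.Pub}
	cert := []byte("constructed sample: root certificate body")
	both := map[string][]byte{home.Name: home.Sign(cert), vendor.Name: vendor.Sign(cert)}
	fmt.Println(VerifyThreshold(trusted, both, cert, 2))                                         // true
	fmt.Println(VerifyThreshold(trusted, map[string][]byte{home.Name: home.Sign(cert)}, cert, 2)) // false
	fmt.Println(VerifyThreshold(trusted, both, []byte("tampered"), 2))                            // false
}
```

A signature from a key outside the trusted set never counts, even if it is filed under a trusted signer's name, so an attacker who controls one device still needs the other.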