[Cryptography] CloudFlare reinvents crypto offload

Alan Braggins alan.braggins at gmail.com
Sat Sep 20 13:05:00 EDT 2014


On 20 September 2014 00:28, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> They've posted an update:
>
> https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/
>
> which looks like it's taken straight from Rescorla's SSL and TLS from fifteen
> years ago (or perhaps an nCipher brochure from nearly twenty years ago :-).

Only 10 years for the nCipher netHSM, 18 years ago was SCSI devices,
and you were expected to buy one for each server machine :-)

But while Azure and AWS both support using HSMs with cloud appliances,
neither of them supports keeping the HSM in the customer's physical control,
as far as I know.
http://aws.amazon.com/cloudhsm/
https://www.thales-esecurity.com/msrms/cloud
http://www.zdnet.com/thales-microsoft-serve-secure-crypto-in-the-cloud-7000023530/
http://blogs.technet.com/b/rms/archive/2014/03/05/byok-now-without-flying.aspx

My guess is that anything that is interesting and new about the
scalability and ease of management, they want to avoid going into detail
about, so somebody in marketing has been stuck with the job of selling a
new feature without actually explaining what's really new.....

The "it's still OpenSSL, but now it's non-blocking" bit you couldn't get
off the shelf from nCipher. OpenSSL support, and a native non-blocking
API, but pick one.

-- 
alan.braggins at gmail.com
http://www.chiark.greenend.org.uk/~armb/

