kernel-level key management subsystem

travis+ml-cryptography at subspacefield.org
Tue Oct 9 17:54:51 EDT 2007


On Tue, Oct 09, 2007 at 06:08:44PM +1300, Peter Gutmann wrote:
> how do you want access to the keys controlled?  ACLs?  Who sets the ACLs?  Who
> can manage them?  How are permissions managed?  What's the UI for this?  Under
> what conditions is sharing allowed?  If sharing is allowed, how do you handle
> the fact that different apps (with different levels of security) could have
> access to the same keys?  Do you derive keys from a master key?  Do you
> migrate portions of the app functionality into the kernel to mitigate the
> problems with untrusted apps?  How is key backup handled?  What about
> 
> [Another 5 pages of questions]

Good stuff.

I was hoping perhaps to stimulate a discussion on just these sorts of issues.

There's a bit of interrelated stuff here; you can start with requirements,
postulate some mechanisms, think about implications of their implementation,
which leads to refining requirements.  It's sure to be a learning experience.

Maybe this isn't the best place to do that, but it seems to me that this group
would be one of the best for ironing out the details, and would have a vested
interest in any such management interface not sucking.

Ideally I'd like to be able to develop something for, say, Linux, and possibly
integrate it with your open-source co-processor stuff.

> Once you've got a clear statement of exactly what you want to do (which in its
> most abstract form is "solve an arbitrarily complex key management problem"),
> implementation is almost trivial in comparison.

Sure.

Maybe that's a good question: what are the idioms in key management?

Is there any similar work already that I could read up on?

Where can I read up on current HSM functionality, offerings, features, etc.?

  "Computers are useless; they can only give answers."
   -- Pablo Picasso
-- 
<URL:http://www.subspacefield.org/~travis/> Eff the ineffable!
For a good time on my UBE blacklist, email john at subspacefield.org.