[Cryptography] HSM's
Thierry Moreau
thierry.moreau at connotech.com
Tue Jan 21 06:46:58 EST 2014
Tony Arcieri wrote:
> On Sun, Jan 19, 2014 at 10:54 AM, Bill Frantz <frantz at pwpconsult.com
> <mailto:frantz at pwpconsult.com>> wrote:
>
> There seem to be at least three approaches to the problem: (1) Split
> the key into enough pieces that a single rogue HSM can't compromise
> security. (2) Isolate the HSM(s) such that they can't communicate
> the key or perform rogue signatures. (3) Require signatures from all
> the HSMs for validity.
>
>
> Just want to say I love #3: multisignature trust, because it completely
> decentralizes the problem and no one machine ever has to reassemble a
> master secret.
>
On the other hand, each relying party has to reassemble a public key set
with each elementary public key subject to revocation, rollover, and the
like. Not a trivial task for a large population of relying parties.
--
- Thierry Moreau
More information about the cryptography
mailing list