[Cryptography] 100% Transparency vs. 100% open-source (was New free TLS CA coming)

Dan McDonald danmcd at kebe.com
Wed Nov 19 13:48:50 EST 2014

Sorry if I missed a note addressing this on the thread, but as a potential
consumer of a CA, I'm more interested in knowing EXACTLY what blend of HW &
SW are being used, down to as much detail as possible, and where possible,
using open-source.

If they're using Brand X of HW crypto module, I'd like to know what Brand X
is, which model number, and hopefully Brand X has an open-source driver for
at least two open-source OSes (I'm partial to illumos, but I'm fine if the
two are FreeBSD and Linux, e.g.).

Someone else mentioned HW-RAID... my suggestion:  don't use HW RAID.  ZFS
(available for illumos, FreeBSD, and Linux using ZoL) provides strong
mirroring and data integrity without using special HW.  That's the sort of
transparency design trade-off I'd like to see a CA make.


More information about the cryptography mailing list