[Cryptography] 100% Transparency vs. 100% open-source (was New free TLS CA coming)
danmcd at kebe.com
Wed Nov 19 13:48:50 EST 2014
Sorry if I missed a note addressing this on the thread, but as a potential
consumer of a CA, I'm more interested in knowing EXACTLY what blend of HW &
SW are being used, down to as much detail as possible, and where possible,
If they're using Brand X of HW crypto module, I'd like to know what Brand X
is, which model number, and hopefully Brand X has an open-source driver for
at least two open-source OSes (I'm partial to illumos, but I'm fine if the
two are FreeBSD and Linux, e.g.).
Someone else mentioned HW-RAID... my suggestion: don't use HW RAID. ZFS
(available for illumos, FreeBSD, and Linux using ZoL) provides strong
mirroring and data integrity without using special HW. That's the sort of
transparency design trade-off I'd like to see a CA make.
More information about the cryptography