[Cryptography] New free TLS CA coming

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Nov 20 02:30:51 EST 2014


Peter Bowen <pzbowen at gmail.com> writes:

>There is not a ruleset that the hardware excludes Open Source, but the
>Baseline Requirements say:
>
>  "The CA SHALL protect its Private Key in a system or device that has been
>  validated as meeting at least FIPS 140 level 3 or an appropriate Common
>  Criteria Protection Profile or Security Target, EAL 4 (or higher) 

So buy a used FIPS 140 level 3 device off eBay for $20, and you're done (if
you're lucky you may even find someone else's CA keys in it).  If that's the
silly-walk requirement they've set in order to join the club, and given that
the marginal cost is close to zero, do the silly-walk for them and move on.

Peter.

