[Cryptography] New free TLS CA coming
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Nov 20 02:30:51 EST 2014
Peter Bowen <pzbowen at gmail.com> writes:
>There is not a ruleset that the hardware excludes Open Source, but the
>Baseline Requirements say:
>
> "The CA SHALL protect its Private Key in a system or device that has been
> validated as meeting at least FIPS 140 level 3 or an appropriate Common
> Criteria Protection Profile or Security Target, EAL 4 (or higher)

So buy a used FIPS 140 level 3 device off eBay for $20, and you're done (if
you're lucky you may even find someone else's CA keys in it). If that's the
silly-walk requirement they've set in order to join the club, and given that
the marginal cost is close to zero, do the silly-walk for them and move on.

Peter.