[Cryptography] New free TLS CA coming

ianG iang at iang.org
Thu Nov 20 05:58:42 EST 2014


On 18/11/2014 23:47 pm, Hanno Böck wrote:
> On Tue, 18 Nov 2014 15:35:21 -0800
> Peter Bowen <pzbowen at gmail.com> wrote:
>
>> Can you suggest a HSM that has open source software?  It has to be
>> either FIPS 140 Level 3 certificated or certificated to meet EAL5 of a
>> Common Criteria Protection Profile.
>
> I made it a habit to trust people more that make their tech transparent
> and less if they present me some certification as an argument for
> security.
>
> This is probably a clash of worldviews, but past experiences don't give
> me the feeling these kinds of certifications have achieved much in
> terms of security.
>
> Is there any ruleset that requires such hw for CAs to be certified in a
> way that excludes open source? That'd be very strange indeed...


Well, those words aren't in there, but you can guarantee that such a 
product will be resisted.  The industry is set up to give certain 
parties a pay-off, and the HSM manufacturers need theirs.

They aren't about to give it up.  If there is any possibility of an open 
source HSM turning up for serious, they'll go to one or other of the 
cartels and get some words changed to knock it out of consideration.



iang


