[Cryptography] CloudFlare reinvents crypto offload
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Sep 19 01:09:00 EDT 2014
Someone recently pointed me to CloudFlare's Keyless SSL:
http://arstechnica.com/information-technology/2014/09/in-depth-how-cloudflares-new-web-service-promises-security-without-the-key/
I can't see what the innovation is here. They say that instead of doing the
SSL premaster secret processing directly on the web server, the magic is to do
it on a secure external system/device. I guess they could call this external
device a Helper for SSL Mechanisms or "HSM". I wonder why no-one's ever
thought of this before.
Oh, wait...
Where's the magic?
Peter.