[Cryptography] CloudFlare reinvents crypto offload

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Sep 20 23:18:51 EDT 2014


Alan Braggins <alan.braggins at gmail.com> writes:

>But while Azure and AWS both support using HSMs with cloud appliances,
>neither of them support keeping the HSM in the customer's physical control,
>as far as I know.

>From their diagrams it looks like the crypto box doesn't have to be an HSM, so
they seem to be creating a logical HSM by removing physical control over the
crypto from the ISP.  I've seen that before in the past, don't bother with
HSMs but just locate a PC that does the job in a physically secure location
(e.g. inside a strongroom in an old fortress where it took two days to drill
through the walls to lay the cables).

Of course the keys that control access to the remote HSM are still held by the
ISP, and the premaster secret that protects the communications is also fed
back to the ISP, so you have to define your threat model pretty carefully to
see what they're defending against here.

Peter.


More information about the cryptography mailing list