[Cryptography] HSM's to be required for Code Signing Certificates

Ray Dillinger bear at sonic.net
Fri Jan 27 15:08:58 EST 2017



On 01/27/2017 12:01 AM, Natanael wrote:
> On 27 Jan 2017 06:09, "Peter Gutmann" <pgut001 at cs.auckland.ac.nz> wrote:

>> must
>> either ***store keys in hardware*** they keep on premise hardware, or in a
>> new secure cloud-based code signing cloud-based service.


> While unlikely to be implemented that way, it *could* be secure. Strong
> emphasis on *could*.

Yeah, I'm still chuckling over the use of "secure" and "cloud based"
in the same sentence.  It's going to remain utter nonsense no matter
what people pretend.  "Cloud" means you have given up control of
your security.

In fact for the level of security needed for key signing keys, I'd
be shaking my head doubtfully over a combination of "secure" and
"network connected."

				Bear
