[Cryptography] HSM's to be required for Code Signing Certificates

[Peter Gutmann]

Bill Frantz <frantz at pwpconsult.com> writes:

>It seems to me one could build a HSM auditor which passively monitors the
>interface to the HSM and records the time of every signing operation. If the
>communication between the computer and the HSM is in the clear, more
>information could be recorded, but just the time the signing operations are
>performed would provide a useful audit trail.

That's been hypothesised before, a transaction-sequence enforcement mechanism
that only allows particular sequences of operations, assigned to user roles,
with auditing, and so on.  Unfortunately it gets complicated really quickly,
and by and large it's just an awkward way to build a higher-level API using a
sort of macro capability.  So in the long run it's better to provide an API
like "turn this text document into an S/MIME signed message" than to provide a
capability to string together a sequence of operations yourself that do the
same thing.

Peter.