[Cryptography] HSM's to be required for Code Signing Certificates

[Peter Gutmann]

Thierry Moreau <thierry.moreau at connotech.com> writes:

>This (or the mere count of digital signature operations performed during an
>HSM session, reported in a trustworthy way) is actually missing from the most
>readily documented HSM deployment project, the DNSSEC root KSK signature
>ceremonies held by IANA on a regular basis.

What's the threat here, and how would this defend against it?  If I was going
to attack the DNS I wouldn't go for such a high-profile target, and even if I
did, it'd be detected by having fake DNS entries turn up, at which point going
back to look at the logs to say "uh, yeah, it happened at this time" wouldn't
really add much.

It's a bit like certificate transparency, it served initially to embarrass CAs
into actually doing their job properly for the first time since they were
created (but then the EFF Observatory did that too, CT just outsources it so
anyone can have a poke around), but I'm not aware of it actually preventing
any attacks, e.g. dealing with certs issued to cybercriminals, it's just being
used to embarrass a few lightning-rod CAs when they slip up.

(Which, admittedly, is quite necessary, but it's not really doing anything to
stop the bad guys).

>The evil is in the details! Believe me, or look at
>
>https://data.iana.org/ksk-ceremony/

Ugh.  I gave up after "Fratres, agnoscamus peccata nostra, ut apti simus ad
sacra mysteria PKI celebranda".  Do they dress in priest's robes in the
videos?

Peter.