
edugain-discuss - Re: [eduGAIN-discuss] HSM use cases

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Shannon Roddy <sroddy AT internet2.edu>
  • To: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: Re: [eduGAIN-discuss] HSM use cases
  • Date: Tue, 26 Mar 2019 21:26:14 +0000



On 3/19/19 12:44 PM, Alan Lewis wrote:

> 5. Specific HSM requirements for
> 3. Management, connectivity and access mechanisms;

One thing to pay attention to is key management.

Ability to flag a key as non-exportable (if generated outside of the
HSM) or ability to generate a non-exportable key. If the key is
generated on the HSM, and is marked non-exportable, in most cases you
are then locked into that particular HSM solution/vendor. If the key is
generated off-HSM and not able to be marked as non-exportable, one
should come up with compensating controls to prevent export of the key.

Ability to do quorum operations becomes useful in the above case. E.g.
multiple parties need to approve certain operations (e.g. key export,
user management).


-Shannon
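
The key-management points in the message above, as an added example that is not part of the original post: a Python sketch that classifies keys by their PKCS#11 attributes and gates export behind an M-of-N approval. PKCS#11 as the HSM interface is an assumption (the thread does not name one), and the inventory, officer names and quorum size are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyAttrs:
    """Boolean PKCS#11 attributes read from one private-key object."""
    label: str
    local: bool              # CKA_LOCAL: generated on the token itself
    extractable: bool        # CKA_EXTRACTABLE: may be wrapped out
    never_extractable: bool  # CKA_NEVER_EXTRACTABLE: was never exportable

def classify(k: KeyAttrs) -> str:
    """Map a key's attributes to the cases raised in the message."""
    if k.extractable:
        return "exportable"         # needs compensating controls
    if k.local and k.never_extractable:
        return "hsm-bound"          # cannot leave: tied to this HSM/vendor
    # Locked now, but it was imported or was exportable at some point.
    return "locked-copy-may-exist"

def export_allowed(k: KeyAttrs, approvals, officers, quorum: int) -> bool:
    """M-of-N gate: count distinct, authorised approvers only."""
    if not k.extractable:
        return False                # no approval count overrides the flag
    return len(set(approvals) & set(officers)) >= quorum

# Constructed inventory (labels and values are illustrative).
INVENTORY = [
    KeyAttrs("md-signing-2019", local=True, extractable=False,
             never_extractable=True),
    KeyAttrs("md-signing-imported", local=False, extractable=False,
             never_extractable=False),
    KeyAttrs("md-signing-legacy", local=False, extractable=True,
             never_extractable=False),
]
OFFICERS = {"alice", "bob", "carol"}  # constructed security-officer names
QUORUM = 2                            # assumed 2-of-3 policy

def audit(inventory):
    """Return {label: classification} for every key in the inventory."""
    return {k.label: classify(k) for k in inventory}

if __name__ == "__main__":
    for label, status in audit(INVENTORY).items():
        print(f"{label}: {status}")
    legacy = INVENTORY[2]
    print(export_allowed(legacy, ["alice", "alice"], OFFICERS, QUORUM))
    print(export_allowed(legacy, ["alice", "bob"], OFFICERS, QUORUM))
```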


