edugain-discuss - RE: [eduGAIN-discuss] HSM use cases

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Alan Lewis <alan.lewis AT geant.org>
  • To: Shannon Roddy <sroddy AT internet2.edu>, "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: RE: [eduGAIN-discuss] HSM use cases
  • Date: Wed, 27 Mar 2019 12:02:25 +0000

Hello Shannon,

Thanks for your speedy response.
Comments and some further questions below.

Best regards

Alan

Alan Lewis
Trust and Identity Services Product Manager

GÉANT

-----Original Message-----
From: edugain-discuss-request AT lists.geant.org
<edugain-discuss-request AT lists.geant.org> On Behalf Of Shannon Roddy
Sent: 26 March 2019 21:26
To: edugain-discuss AT lists.geant.org
Subject: Re: [eduGAIN-discuss] HSM use cases



On 3/19/19 12:44 PM, Alan Lewis wrote:

> 5. Specific HSM requirements for
> 3. Management, connectivity and access mechanisms;

One thing to pay attention to is key management.

Ability to flag a key as non-exportable (if generated outside of the
HSM) or ability to generate a non-exportable key. If the key is generated on
the HSM, and is marked non-exportable, in most cases you are then locked into
that particular HSM solution/vendor. If the key is generated off-HSM and not
able to be marked as non-exportable, one should come up with compensating
controls to prevent export of the key.

>>That is a very good point. As well as being locked into the vendor there
>>are other issues as well. The key is inextricably linked to so that if the
>>HSM is disabled the key itself is destroyed and new keys must be
>>provisioned. If the key is exportable (or, as you say, generated off the HSM)
>>then a sufficiently mature approach must be in place to back up and restore
>>the keys. In my experience such key management is non-trivial.

Ability to do quorum operations becomes useful in the above case. E.g.
multiple parties need to approve certain operations (e.g. key export, user
management).

>>Agreed. Some mechanism to provide key fragmentation allowing quorum
>>operations linked to specific access privileges would be very useful.

>>How important are the requirements above given the nature of the
>>information being protected? Perhaps this would be an 'essential'
>>requirement for some use cases (such as to protect the trust fabric of
>>eduGAIN), whereas for other services it might be a nice to have.
>>Would such requirements be minimised if the HSM capability was delivered as
>>a service from a secure central location rather than a variety of
>>on-premise devices?



-Shannon
