edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Peter Schober <peter.schober AT univie.ac.at>
- To: edugain-discuss AT lists.geant.org
- Subject: Re: [eduGAIN-discuss] HSM use cases
- Date: Thu, 28 Mar 2019 10:33:17 +0100
- Organization: ACOnet
* Alan Lewis <alan.lewis AT geant.org> [2019-03-28 10:21]:
> Yes I agree that generating the keys outside the HSM has benefits in
> terms of key backup and recovery. The key thing is that the process
> for doing this is itself secure. I don’t know what mechanisms the
> USB tokens have to do this, so it would be useful to take a look if
> you can point me at any examples.
I think the point he (and Shannon and myself) was making is that if you
generate key material outside the HSM by defintion the HSM can do
nothing for you to make this (more) secure, i.e., it's all in your own
processes.
FWIW, here are Guy's notes for provisioning the Nitrokey "HSM" model:
https://safire.ac.za/wp-content/uploads/2017/02/NitrokeyHSMPrepNotes.pdf
-peter
- Re: [eduGAIN-discuss] HSM use cases, (continued)
- Re: [eduGAIN-discuss] HSM use cases, Shannon Roddy, 26-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 27-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Muhammad Farhan SJAUGI, 27-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 27-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 27-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 27-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Muhammad Farhan SJAUGI, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 27-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 27-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Guy Halse, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 03/28/2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Shannon Roddy, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 29-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 03/28/2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Shannon Roddy, 26-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Joost van Dijk, 29-Mar-2019
Archive powered by MHonArc 2.6.19.