edugain-discuss - Re: [eduGAIN-discuss] HSM use cases

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] HSM use cases
  • Date: Thu, 28 Mar 2019 10:33:17 +0100
  • Organization: ACOnet

* Alan Lewis <alan.lewis AT geant.org> [2019-03-28 10:21]:
> Yes I agree that generating the keys outside the HSM has benefits in
> terms of key backup and recovery. The key thing is that the process
> for doing this is itself secure. I don’t know what mechanisms the
> USB tokens have to do this, so it would be useful to take a look if
> you can point me at any examples.

I think the point he (and Shannon and myself) was making is that if you
generate key material outside the HSM, by definition the HSM can do
nothing for you to make this (more) secure, i.e., it's all in your own
processes.
FWIW, here are Guy's notes for provisioning the Nitrokey "HSM" model:
https://safire.ac.za/wp-content/uploads/2017/02/NitrokeyHSMPrepNotes.pdf

-peter


