edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Leif Johansson <leifj AT sunet.se>
- To: edugain-discuss AT lists.geant.org
- Subject: Re: [eduGAIN-discuss] HSM use cases
- Date: Thu, 28 Mar 2019 11:11:29 +0100
On 2019-03-28 10:33, Peter Schober wrote:
> * Alan Lewis <alan.lewis AT geant.org> [2019-03-28 10:21]:
>> Yes I agree that generating the keys outside the HSM has benefits in
>> terms of key backup and recovery. The key thing is that the process
>> for doing this is itself secure. I don’t know what mechanisms the
>> USB tokens have to do this, so it would be useful to take a look if
>> you can point me at any examples.
>
> I think the point he (and Shannon and myself) was making is that if you
> generate key material outside the HSM by defintion the HSM can do
> nothing for you to make this (more) secure, i.e., it's all in your own
> processes.
It is still a *very* common model - generate on one HSM and use on
another. There are several reasons you want to do stuff like this
beyond simple "backup" patterns.
> FWIW, here are Guy's notes for provisioning the Nitrokey "HSM" model:
> https://safire.ac.za/wp-content/uploads/2017/02/NitrokeyHSMPrepNotes.pdf
>
> -peter
>
- RE: [eduGAIN-discuss] HSM use cases, (continued)
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 27-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Muhammad Farhan SJAUGI, 27-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 27-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 27-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 27-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Muhammad Farhan SJAUGI, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 27-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 27-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Guy Halse, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 03/28/2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 03/28/2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Shannon Roddy, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 29-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Joost van Dijk, 29-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 29-Mar-2019
Archive powered by MHonArc 2.6.19.