edugain-discuss - Re: [eduGAIN-discuss] HSM use cases

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

Re: [eduGAIN-discuss] HSM use cases


  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] HSM use cases
  • Date: Thu, 28 Mar 2019 11:40:55 +0100
  • Organization: ACOnet

* Leif Johansson <leifj AT sunet.se> [2019-03-28 11:28]:
> > If that exists I'm certainly all for it. It's not like I *want* to
> > own the processes of secure key creation when the HSM could do it
> > (and hopefully with a better RNG, at least with Cryptech).
>
> Yeah but you might want to have > 1 HSM - one you lock into a safe
> where you do key generation and one where you deploy the key for
> production because that may allow you to switch between multiple
> generations of HSM hardware without re-generating a long-term key.

I don't follow. That's still essentially a backup/restore procedure,
and it would still only work within compatible models of the same
vendor, I guess?

> Yeah pkcs11 allows you to import keys. This is exactly what I do
> for my process. I generate outside my Luna cluster and import via
> a p11 client and then I lock the key so it can't be re-exported.

Sure, same here on the cheap-ass side of things.
But I think I'd be happier if I didn't have to do that (but that
would spell vendor lock-in, AFAIU).

-peter
