edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Leif Johansson <leifj AT sunet.se>
- To: Peter Schober <peter.schober AT univie.ac.at>
- Cc: edugain-discuss AT lists.geant.org
- Subject: Re: [eduGAIN-discuss] HSM use cases
- Date: Thu, 28 Mar 2019 12:08:51 +0100
Skickat från min iPhone
> 28 mars 2019 kl. 11:40 skrev Peter Schober <peter.schober AT univie.ac.at>:
>
> * Leif Johansson <leifj AT sunet.se> [2019-03-28 11:28]:
>>> If that exists I'm certainly all for it. It's not like I *want* to
>>> own the processes of secure key creation when the HSM could do it
>>> (and hopefully with a better RNG, at least with Cryptech).
>>
>> Yeah but you might want to have > 1 HSM - one you lock into a safe
>> where you do key generation and one where you deploy the key for
>> production because that may allow you to switch between multiple
>> generations of HSM hardware without re-generating a long-term key.
>
> I don't follow. That's still essentially a backup/restore procedure,
Its a restore at least
> and it would still only work within compatible models of the same
> vendor, I guess?
>
>> Yeah pkcs11 allows you to import keys. This is exactly what I do
>> for my process. I generate outside my Luna cluster and import via
>> a p11 client and then I lock the key so it can't be re-exported.
>
> Sure, same here on the cheap-ass side of things.
> But I think I'd be happier if I wouldn't have to do that (but that
> would spell vendor-lock-in, AFAIU).
>
> -peter
- RE: [eduGAIN-discuss] HSM use cases, (continued)
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 27-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Muhammad Farhan SJAUGI, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Guy Halse, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 03/28/2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Leif Johansson, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Shannon Roddy, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 29-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Peter Schober, 28-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 28-Mar-2019
- Re: [eduGAIN-discuss] HSM use cases, Joost van Dijk, 29-Mar-2019
- RE: [eduGAIN-discuss] HSM use cases, Alan Lewis, 29-Mar-2019
Archive powered by MHonArc 2.6.19.