An open discussion list for topics related to the eduGAIN interfederation service.

[Alan Lewis <alan.lewis AT geant.org>]

Hello Leif,

If I understand the approach correctly the idea is to generate a LTK and 
deploy it for production and also in a securely stored HSM so that you could 
re-deploy the key should the production HSM be compromised or upgraded.

While I can see the logic of this approach, if I have understood it correctly 
it does seem to have some weaknesses:

1) The key is effectively exported to another (backup) HSM, and it's security 
is linked to the security of the HSM. In order ensure the LTK is can continue 
to be safely stored in the event that the production HSM is replaced by the 
backup HSM it must be exportable to enable it to be cloned in a new backup 
HSM.

2) Exporting the key  to achieve backup is not compatible with a prudent 
security approach where a key should never leave the HSM.

3) The approach would work in an environment where few keys are required, but 
does not scale easily if many keys are required top be held in a backup HSM. 
This might require several HSMs to store the key material.

Best regards

Alan

Alan Lewis
Trust and Identity Services Product Manager

GÉANT 
Direct Tel: +44 (0)1223 371409
Mobile: +44 (0) 7500 891616
Switchboard: +44 (0)1223 371300
Networks • Services • People 
Learn more at www.geant.org​
​
GÉANT Vereniging (Association) is registered with the Chamber of Commerce in 
Amsterdam with registration number 40535155 and operates in the UK as a 
branch of GÉANT Vereniging. Registered office: Hoekenrode 3, 1102BR 
Amsterdam, The Netherlands. UK branch address: City House, 126-130 Hills 
Road, Cambridge CB2 1PQ, UK.

-----Original Message-----
From: edugain-discuss-request AT lists.geant.org 
<edugain-discuss-request AT lists.geant.org> On Behalf Of Peter Schober
Sent: 28 March 2019 10:41
To: edugain-discuss AT lists.geant.org
Subject: Re: [eduGAIN-discuss] HSM use cases

* Leif Johansson <leifj AT sunet.se> [2019-03-28 11:28]:
> > If that exists I'm certainly all for it. It's not like I *want* to 
> > own the processes of secure key creation when the HSM could do it 
> > (and hopefully with a better RNG, at least with Cryptech).
> 
> Yeah but you might want to have > 1 HSM - one you lock into a safe 
> where you do key generation and one where you deploy the key for 
> production because that may allow you to switch between multiple 
> generations of HSM hardware without re-generating a long-term key.

I don't follow. That's still essentially a backup/restore procedure, and it 
would still only work within compatible models of the same vendor, I guess?

> Yeah pkcs11 allows you to import keys. This is exactly what I do for 
> my process. I generate outside my Luna cluster and import via a p11 
> client and then I lock the key so it can't be re-exported.

Sure, same here on the cheap-ass side of things.
But I think I'd be happier if I wouldn't have to do that (but that would 
spell vendor-lock-in, AFAIU).

-peter

Attachment: smime.p7s
Description: S/MIME cryptographic signature