[Cryptech Tech] Fwd: Question regarding Trusted Path Authentication

Leif Johansson leifj at sunet.se
Fri Dec 19 09:46:16 UTC 2014


On 12/19/2014 10:37 AM, Okubo, Tomofumi wrote:
> Dear Peter,
> 
> Thank you for your comment.
> 
> While I understand your argument regarding complexity, I was hoping the
> open design HSM could be used for key management operations that require
> multi person control. If you are implying that those who require stringent
> key management operation are not the intended audience, I totally
> understand.

I don't think that is true at all. The project actually *has* identified
m-by-n as important for some of our use cases.

The original motivation for this project (Russ and Randy can add
more bits here) is about high-assurance crypto so we *definitely*
want to be able to enable stringent key management.

> 
> I thought it would be nice if the open design HSM also supports the
> functions that is required to perform proper key management along with
> quality crypto. That way, high-value PKI services that require stringent
> security controls could adopt the open design HSM which I think would be
> revolutionary.
> 
> FWIW, I can help document key management practices (how to run key
> ceremonies and how to handle HSMs) that ships with open design HSM if that
> helps to reduce the complexity and improve user experience.
> 

We would really appreciate that contribution!

	Cheers Leif




More information about the Tech mailing list