[Cryptech Tech] Fwd: Question regarding Trusted Path Authentication
Okubo, Tomofumi
tomokubo at verisign.com
Fri Dec 19 10:03:28 UTC 2014
Hello Leif,
Thank you for the clarification.
I'm looking forward to contributing to the team.
I understand it would still be on the lower side of the wish list due to
the amount of work that is required to implement this but I'm happy as
long as it would be there sometime in the future.
Thanks and best regards,
Tomofumi
On 12/19/14, 1:46 AM, "Leif Johansson" <leifj at sunet.se> wrote:
>On 12/19/2014 10:37 AM, Okubo, Tomofumi wrote:
>> Dear Peter,
>>
>> Thank you for your comment.
>>
>> While I understand your argument regarding complexity, I was hoping the
>> open design HSM could be used for key management operations that require
>> multi person control. If you are implying that those who require stringent
>> key management operation are not the intended audience, I totally
>> understand.
>
>I don't think that is true at all. The project actually *has* identified
>m-by-n as important for some of our use cases.
>
>The original motivation for this project (Russ and Randy can add
>more bits here) is about high-assurance crypto so we *definitely*
>want to be able to enable stringent key management.
>
>>
>> I thought it would be nice if the open design HSM also supports the
>> functions that are required to perform proper key management along with
>> quality crypto. That way, high-value PKI services that require stringent
>> security controls could adopt the open design HSM which I think would be
>> revolutionary.
>>
>> FWIW, I can help document key management practices (how to run key
>> ceremonies and how to handle HSMs) that ships with open design HSM if that
>> helps to reduce the complexity and improve user experience.
>>
>
>We would really appreciate that contribution!
>
> Cheers Leif