[Cryptech Tech] The cert for cryptech.is

Joachim Strömbergson joachim at secworks.se
Sat Mar 29 07:40:55 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Lately I've been having more and more conversations about Cryptech with
both engineers as well as more non-tech people. Politicians for example.
I was at the EU Parliament on Wednesday and held a presentation on Open
Crypto that also included some slides on Cryptech.

One thing I get as feedback from these conversations is that people are
stumped on the usage of a self signed cert.

Yes it opens up an opportunity to discuss the state of CAs and blind
trust in Trust Stores. But that actually seems to divert the discussion
about OpenHSMs. And among the more knowledgeable I get comments like
"unprofessional", "broken", "bad". Basically, since self signed certs
are in general considered bad, Cryptech does not look like a serious
project. And by using a self signed cert and telling non-tech people to
just ignore the warning we actually contribute to the confusion
surrounding certs.

I therefore conclude that by using a self signed cert we are not doing
ourselves and our project a favor. That it makes adoption and trust in
our work harder to get, not easier. That it takes the focus away from
the need of open HSMs.

Let's select our fight. Focus on building a good, open platform for HSMs
and then try to be more mainstream and simply go with a good cert.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----


