[Cryptech Tech] The cert for cryptech.is

Leif Johansson leifj at sunet.se
Sat Mar 29 07:51:15 UTC 2014


It's actually not self-signed but published as a TLSA record... right?

> On 29 Mar 2014, at 08:41, "Joachim Strömbergson" <joachim at secworks.se> wrote:
> 
> Aloha!
> 
> Lately I've been having more and more conversations about Cryptech with
> both engineers as well as more non-tech people. Politicians for example.
> I was at the EU Parliament on Wednesday and held a presentation on Open
> Crypto that also included some slides on Cryptech.
> 
> One thing I get as feedback from these conversations is that people are
> stumped on the usage of a self signed cert.
> 
> Yes it opens up an opportunity to discuss the state of CAs and blind
> trust in Trust Stores. But that actually seems to divert the discussion
> about OpenHSMs. And among the more knowledgeable I get comments like
> "unprofessional", "broken", "bad". Basically, since self signed certs
> are in general considered bad, Cryptech does not look like a serious
> project. And by using a self signed cert and telling non-tech people to
> just ignore the warning we actually contribute to the confusion
> surrounding certs.
> 
> I therefore conclude that by using a self signed cert we are not doing
> ourselves and our project a favor. That it makes adoption and trust in
> our work harder to get, not easier. That it takes the focus away from
> the need of open HSMs.
> 
> Let's select our fight. Focus on building a good, open platform for HSMs
> and then try to be more mainstream and simply go with a good cert.
> 
> - -- 
> Kind regards, Yours
> 
> Joachim Strömbergson - Always in harmonic oscillation.
> ========================================================================
> Joachim Strömbergson          Secworks AB          joachim at secworks.se
> ========================================================================
