[Cryptech Tech] Restricting FPGA signing

Randy Bush randy at psg.com
Wed Jan 28 15:12:03 UTC 2015


from another channel

Steve Kent responding to me

    >    o Question from CrypTech project: we are inclined to put
    >      request validity rules inside the tamper boundary.  E.g. does
    >      a cert signer enforce application-specific semantics on what
    >      it is willing to sign, e.g. validity period limits, alg
    >      types, etc.?  Does this make sense?  Will it scale with
    >      DNSsec, RPKI, and ghu knows what else?  Can rules be
    >      abstracted into a general syntax (we think not)?

    That might be a very powerful mechanism. It's very analogous to what
    we implemented for the BBN SafeKeyper product, where rules could be
    imposed on certs and CRLs that a CA was asked to sign. Note that
    there is a patent on that mechanism (US # 6,671,804).

:(

steve said he could try to get bbn, now raytheon (a major usg dark side
contractor) to license for low or free, but was not optimistic.

randy
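
An added illustration, not part of the original message and not CrypTech or SafeKeyper code: a minimal Python sketch of the kind of per-key request validity rules the question describes (validity period limits, algorithm types), checked before the key operation is reached. The request fields, policy fields, algorithm labels and the signer callable are all assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class SignRequest:
    """Hypothetical request fields (assumed, not a CrypTech format)."""
    app: str                # application the key serves, e.g. "x509"
    algorithm: str          # constructed label for the signature algorithm
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class KeyPolicy:
    """Rules bound to one key and stored alongside it."""
    app: str
    allowed_algorithms: frozenset
    max_validity: timedelta

def check_request(policy, req):
    """Return every rule the request violates; an empty list means it may be signed."""
    violations = []
    if req.app != policy.app:
        violations.append(f"key is not for application {req.app}")
    if req.algorithm not in policy.allowed_algorithms:
        violations.append(f"algorithm not allowed: {req.algorithm}")
    if req.not_after <= req.not_before:
        violations.append("validity window is empty or inverted")
    elif req.not_after - req.not_before > policy.max_validity:
        violations.append("validity period exceeds limit")
    return violations

def sign_if_allowed(policy, req, signer):
    """Call signer (stand-in for the private-key operation) only if all rules pass."""
    violations = check_request(policy, req)
    if violations:
        raise PermissionError("; ".join(violations))
    return signer(req)

# Constructed sample data.
NOW = datetime(2015, 1, 28, tzinfo=timezone.utc)
CA_POLICY = KeyPolicy("x509", frozenset({"ecdsa-p256-sha256", "rsa2048-sha256"}),
                      timedelta(days=365))
GOOD = SignRequest("x509", "ecdsa-p256-sha256", NOW, NOW + timedelta(days=90))
BAD = SignRequest("x509", "rsa1024-sha1", NOW, NOW + timedelta(days=3650))
INVERTED = SignRequest("dnssec", "ecdsa-p256-sha256", NOW, NOW - timedelta(days=1))

if __name__ == "__main__":
    for name, req in (("GOOD", GOOD), ("BAD", BAD), ("INVERTED", INVERTED)):
        print(name, check_request(CA_POLICY, req) or "ok")
```

The rules here are ordinary code keyed to one application's request fields; a DNSSEC or RPKI key would need its own field set and checks.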

