[Cryptech Tech] goals / use cases

Warren Kumari warren at kumari.net
Fri Jan 30 23:51:10 UTC 2015


On Fri, Jan 30, 2015 at 8:09 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> "Okubo, Tomofumi" <tomokubo at verisign.com> writes:
>
>>[Can an attacker do X?]
>>
>>Yes (but can't get the keys).
>
> How do you reconcile those two?  If an attacker can do all of the X things,
> what prevents them from getting the keys?

I'd thought that that was the whole point of the "high assurance" bits
in  "open hardware cryptographic engine that meets the needs of high
assurance Internet infrastructure systems that rely on cryptography".

The keys (eventually) live in a widget in a security envelope, that
gets wrapped in e.g fine wire mesh and then dunked in epoxy with
environmental sensors for extreme cold, vibration, light, etc and
integrated battery to zeroize when it senses tamper. The standard
"real" HSM type stuff.

The eventual plan for this is to be designs that can be combined into
a real HSM, suitable for use in something like a CA, DNSSEC root or
TLD keys, RPKI keys, etc.

I have a feeling we are talking past each other soemwhere...

>
> Peter.



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf


More information about the Tech mailing list