[Cryptech Tech] Restricting FPGA signing

Jakob Schlyter jakob at kirei.se
Sat Jan 31 14:30:31 UTC 2015

Previous message: [Cryptech Tech] Restricting FPGA signing
Next message: [Cryptech Tech] Restricting CA signing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 31 jan 2015, at 09:37, Basil Dolmatov <dol at reedcat.net> wrote:
> 
> I would not go that way... 
> Resource-consuming "Security Theatre" © with no threats mitigating. 

I do not agree.

At some point we want the HSM to sign only things it can parse and that is compliant with the configured policy. The restricted mode I described is half of this (the other half is the inspection code in the ARM). One threat mitigated is the compromised host signing things valid in the future.

	jakob

Previous message: [Cryptech Tech] Restricting FPGA signing
Next message: [Cryptech Tech] Restricting CA signing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list