[Cryptech Tech] Fwd: cryptech and keyless ssl
Randy Bush
randy at psg.com
Sat Sep 26 21:15:25 UTC 2015
[ forwarded with permission ]
From: Jari Arkko <jari.arkko at piuha.net>
Subject: cryptech and keyless ssl
To: Randy Bush <randy at psg.com>, Stephen Farrell <stephen.farrell at cs.tcd.ie>
Date: Sat, 26 Sep 2015 07:54:38 -0400

We’ve been having a meeting about mobile networks and encryption… one
of the points that came up was better distribution mechanisms for
CDNs, for instance allowing private keys to stay in the service provider
network even if many boxes around the world are representing your web
site with real certs and HTTPS.

A technique called keyless ssl has been championed by Akamai; the
basic idea is to remote the HSM from the CDN box to the actual content
owner. A protocol, nothing too surprising.

This will probably go forward at the IETF, maybe a new WG or
something.

However, it also occurred to me that a good implementation of that is
remote cryptech.

This might be something for you guys to think about.

Jari