[Cryptech Tech] Fwd: cryptech and keyless ssl

[Leif Johansson]

On 2015-09-26 23:15, Randy Bush wrote:
> [ forwarded with permission ]
> 
> From: Jari Arkko <jari.arkko at piuha.net>
> Subject: cryptech and keyless ssl
> To: Randy Bush <randy at psg.com>, Stephen Farrell <stephen.farrell at cs.tcd.ie>
> Date: Sat, 26 Sep 2015 07:54:38 -0400
> 
> We’ve been having a meeting about mobile networks and encryption… one
> of the points that came up was better distribution mechanisms for
> CDNs, for instance allowing private keys to stay in service provider
> network even if many boxes around the world are representing your web
> site with real certs and HTTPS.
> 
> A technique called keyless ssl has been championed by akamai; the
> basic idea is to remote the HSM from the CDN box to the actual content
> owner. A protocol, nothing too surprising.
> 
> This will probably go forward at the IETF, maybe a new WG or
> something.
> 
> However, it also occurred to me that a good implementation of that is
> remote cryptech
> 
> This might be something for you guys to think about.
> 
> Jari
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech
> 


I've heard of it - I believe Ericsson was working on something similar
and presented something along those lines @ last IETF