[Cryptech Tech] Fwd: cryptech and keyless ssl
Leif Johansson
leifj at sunet.se
Sun Sep 27 14:06:44 UTC 2015
On 2015-09-26 23:15, Randy Bush wrote:
> [ forwarded with permission ]
>
> From: Jari Arkko <jari.arkko at piuha.net>
> Subject: cryptech and keyless ssl
> To: Randy Bush <randy at psg.com>, Stephen Farrell <stephen.farrell at cs.tcd.ie>
> Date: Sat, 26 Sep 2015 07:54:38 -0400
>
> We’ve been having a meeting about mobile networks and encryption… one
> of the points that came up was better distribution mechanisms for
> CDNs, for instance allowing private keys to stay in service provider
> network even if many boxes around the world are representing your web
> site with real certs and HTTPS.
>
> A technique called keyless ssl has been championed by Akamai; the
> basic idea is to remote the HSM from the CDN box to the actual content
> owner. A protocol, nothing too surprising.
>
> This will probably go forward at the IETF, maybe a new WG or
> something.
>
> However, it also occurred to me that a good implementation of that is
> remote cryptech.
>
> This might be something for you guys to think about.
>
> Jari
>
I've heard of it - I believe Ericsson was working on something similar
and presented something along those lines @ last IETF.