[Cryptech Tech] Fwd: cryptech and keyless ssl

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Sep 28 17:38:33 UTC 2015


On Sun 2015-09-27 10:06:44 -0400, Leif Johansson wrote:
> On 2015-09-26 23:15, Randy Bush wrote:
>> [ forwarded with permission ]
>> 
>> From: Jari Arkko <jari.arkko at piuha.net>
>> Subject: cryptech and keyless ssl
>>
>> A technique called keyless ssl has been championed by akamai; the
>> basic idea is to remote the HSM from the CDN box to the actual content
>> owner. A protocol, nothing too surprising.
>
> I've heard of it - I believe Ericsson was working on something similar
> and presented something along those lines @ last IETF

Cloudflare has a variant on this as well, which they also call "keyless
SSL":

  https://www.cloudflare.com/keyless-ssl

Pretty annoying terminology; no one should be using any version of SSL at
all any more, since TLS has been available for over 15 years :)

The Ericsson variant of this was presented at the TLS WG meeting in
Prague:

 https://www.ietf.org/proceedings/93/slides/slides-93-tls-5.pdf

       --dkg

