[Cryptech Tech] LURK as interface to HSM

Randy Bush randy at psg.com
Sat Mar 19 19:07:43 UTC 2016


Date: Sat, 19 Mar 2016 13:53:56 -0400
Subject: LURK as interface to HSM
From: Phillip Hallam-Baker <phill at hallambaker.com>
To: Randy Bush <randy at psg.com>

Randy,

This is my proposal for LURK

https://tools.ietf.org/html/draft-hallambaker-lurk-00

The reason I think it is relevant to your HSM work is that it is
essentially a standardized remote API for a HSM.

I will be putting the code up on github 'soon'.

Stephen Farrell's LURK vision seems to be that the TLS server is
talking to some service in the cloud. I suspect that is the wrong
model and what is really wanted here is a deployment model where I can
buy a HSM box of my choice, configure it to bind it to my trust nexus
and then ship it off to the Content Delivery Network to sit in the
same data center as my server.

Which is a proposal I have wanted for a long time but wasn't feasible
without a suitable HSM device. This is a model that could establish
the demand necessary for production.

Alternatively, I want to be using a similar model for code signing.
Selling a HSM to keep the code signing keys safe is essentially the
'do you want fries with that' upsell for code signing certificates.
