[Cryptech Tech] LURK as interface to HSM
Basil Dolmatov
dol at reedcat.net
Sat Mar 19 19:27:28 UTC 2016
As I can see, lurk charter is quite specific.
Cryptech product could be somewhat used for lurk goals but is not limited to it.
Hope to discuss it during IETF95.
dol@ с iPad
> 19 марта 2016 г., в 22:07, Randy Bush <randy at psg.com> написал(а):
>
> Date: Sat, 19 Mar 2016 13:53:56 -0400
> Subject: LURK as interface to HSM
> From: Phillip Hallam-Baker <phill at hallambaker.com>
> To: Randy Bush <randy at psg.com>
>
> Randy,
>
> This is my proposal for LURK
>
> https://tools.ietf.org/html/draft-hallambaker-lurk-00
>
> The reason I think it is relevant to your HSM work is that it is
> essentially a standardized remote API for a HSM.
>
> I will be putting the code up on github 'soon'.
>
> Stephen Farrell's LURK vision seems to be that the TLS server is
> talking to some service in the cloud. I suspect that is the wrong
> model and what is really wanted here is a deployment model where I can
> buy a HSM box of my choice, configure it to bind it to my trust nexus
> and then ship it off to the Content Delivery Network to sit in the
> same data center as my server.
>
> Which is a proposal I have wanted for a long time but wasn't feasible
> without a suitable HSM device. This is a model that could establish
> the demand necessary for production.
>
> Alternatively, I want to be using a similar model for code signing.
> Selling a HSM to keep the code signing keys safe is essentially the
> 'do you want fries with that' upsell for code signing certificates.
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech
More information about the Tech
mailing list