[Cryptech Tech] [FORGED] Re: [FORGED] News item: Major HSM vulnerabilities impact banks, cloud providers, governments

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Jun 12 08:28:24 UTC 2019

Previous message (by thread): [Cryptech Tech] [FORGED] News item: Major HSM vulnerabilities impact banks, cloud providers, governments
Next message (by thread): [Cryptech Tech] [FORGED] News item: Major HSM vulnerabilities impact banks, cloud providers, governments
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Leif Johansson <leifj at sunet.se> writes:

>Needless to say that seems like a ... unique property to have in your P11
>impl but I am worried I have misread the paper.

Many vendors overload PKCS #11 to do custom stuff... well not so much overload
but use vendor-specific attributes and mechanisms (via things like
CKA_VENDOR_DEFINED) to do whatever they want while still making it look like
PKCS #11.  Sort of like smart cards where all the interesting stuff happens in
CLA = <vendor-proprietary>.

Peter.

Previous message (by thread): [Cryptech Tech] [FORGED] News item: Major HSM vulnerabilities impact banks, cloud providers, governments
Next message (by thread): [Cryptech Tech] [FORGED] News item: Major HSM vulnerabilities impact banks, cloud providers, governments
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list