[149164] in cryptography@c2.net mail archive
Re: [Cryptography] HSM's
daemon@ATHENA.MIT.EDU (Thierry Moreau)
Tue Jan 21 13:35:10 2014
Date: Tue, 21 Jan 2014 06:46:58 -0500
From: Thierry Moreau <thierry.moreau@connotech.com>
To: Tony Arcieri <bascule@gmail.com>
In-Reply-To: <CAHOTMVJLJroA-MgAJ4jW2z=B8ZcPeR=wyXdFfvLkzr+1V6QFWw@mail.gmail.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>,
Bill Frantz <frantz@pwpconsult.com>
Tony Arcieri wrote:
> On Sun, Jan 19, 2014 at 10:54 AM, Bill Frantz <frantz@pwpconsult.com> wrote:
>
> > There seem to be at least three approaches to the problem: (1) Split
> > the key into enough pieces that a single rogue HSM can't compromise
> > security. (2) Isolate the HSM(s) such that they can't communicate
> > the key or perform rogue signatures. (3) Require signatures from all
> > the HSMs for validity.
>
> Just want to say I love #3: multisignature trust, because it completely
> decentralizes the problem and no one machine ever has to reassemble a
> master secret.
>
On the other hand, each relying party has to reassemble a public key set
with each elementary public key subject to revocation, rollover, and the
like. Not a trivial task for a large population of relying parties.
--
- Thierry Moreau
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
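
The relying-party burden raised in the reply above, as an added Go example that is not part of the original message or of any poster's code: approach (3) is checked against a locally held key set, and the result changes with revocation and rollover of one HSM key. `SignerKey`, `VerifyAll`, the HSM names, the choice of Ed25519 and the seed-derived keys are all assumptions constructed for illustration.

```go
package main
import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// SignerKey is one HSM's public key as a relying party tracks it (hypothetical type).
type SignerKey struct {
	ID      string
	Pub     ed25519.PublicKey
	Revoked bool
}
// VerifyAll accepts msg only if every key in the set is unrevoked and has signed it.
func VerifyAll(set []SignerKey, msg []byte, sigs map[string][]byte) error {
	if len(set) == 0 {
		return fmt.Errorf("empty key set")
	}
	for _, k := range set {
		if k.Revoked {
			return fmt.Errorf("%s: key revoked, set needs the rollover key", k.ID)
		}
		if !ed25519.Verify(k.Pub, msg, sigs[k.ID]) { // a missing signature fails here too
			return fmt.Errorf("%s: missing or invalid signature", k.ID)
		}
	}
	return nil
}
// newHSM derives a constructed demo key from a fixed seed byte; pub extracts its public half.
func newHSM(seed byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
}
func pub(p ed25519.PrivateKey) ed25519.PublicKey { return p.Public().(ed25519.PublicKey) }
// Demo returns: fresh set, hsm-b revoked, updated set after rollover, stale set after rollover.
func Demo() [4]bool {
	msg := []byte("constructed message")
	a, b, b2 := newHSM(1), newHSM(2), newHSM(3) // b2 is hsm-b's replacement key
	set := []SignerKey{{"hsm-a", pub(a), false}, {"hsm-b", pub(b), false}}
	stale := append([]SignerKey(nil), set...) // relying party that never hears of the changes
	sigs := map[string][]byte{"hsm-a": ed25519.Sign(a, msg), "hsm-b": ed25519.Sign(b, msg)}
	r := [4]bool{VerifyAll(set, msg, sigs) == nil}
	set[1].Revoked = true
	r[1] = VerifyAll(set, msg, sigs) == nil
	set[1] = SignerKey{"hsm-b", pub(b2), false}
	sigs["hsm-b"] = ed25519.Sign(b2, msg)
	r[2], r[3] = VerifyAll(set, msg, sigs) == nil, VerifyAll(stale, msg, sigs) == nil
	return r
}
func main() { fmt.Println(Demo()) }
```

The last result is the case the reply describes: a relying party whose copy of the key set missed the rollover rejects a message that every current HSM has signed.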