[149219] in cryptography@c2.net mail archive
Re: [Cryptography] Auditing rngs
daemon@ATHENA.MIT.EDU (lists@notatla.org.uk)
Sat Jan 25 16:24:22 2014
X-Original-To: cryptography@metzdowd.com
Date: Sat, 25 Jan 2014 15:22:29 +0000
To: iang@iang.org, cryptography@metzdowd.com
In-Reply-To: <52DF69CA.3010003@iang.org>
From: lists@notatla.org.uk
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
ianG <iang iang.org> writes:
> That is the general concept, the HSM is for public key operations on a
> high value key-pair. But it is harder to implement than it is to sell.
> There are these difficulties that I've come across (and I'm no more
> than a skeptical observer):
>
> a. the interface requires pretty tight software to drive it, and
> especially for low-frequency, high-value operations such as root key
> creation, there can be a mismatch between the quality of the software
> and the importance of the task.
- The installation instructions might not work.
- The claimed compatibility between the cert manager
and a certain HSM might not exist (till updates fix that).
- Multiple s/w updates might be needed to overcome crashes.
- The vendor might claim your configuration is unsupported
when you've followed their advice in setting it up.
- The vendor may appear to have few people skilled in the product.
> b. backups! Once these high value keys are created, there needs to be
> a process to recover. Lost/broken HSMs? No problems, we'll just buy 3
> instead of 1. Ah, now, how do we get the high value key from HSM 1 to
> HSM 2 ... which has to be done before hand.... HSMs have this ability
> but it's also fraught as above.
You can get continual replication between a set of compatible HSMs in
different locations.
> d. Something goes wrong ... and we don't have the skills to figure it
> out. Only the purchased software can drive the HSM, and that's too hard
> to figure out. The people who set it all up are long gone, the company
> who sold the HSM is sold to another and the salesman wants to solve your
> problem by selling you another better type. Problems of this nature are
> things like serial numbers changing, variations in the HSMs, batteries
> going flat coz they sat on the shelf for 5 years, water damage, fans
> gumming up, host hardware needing to change and having incompatible
> specs, even the size of the new machine can impact, etc etc.
With HSMs on USB or ethernet changing the host hardware is only like
replacing any other server plus data.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
