On Apr 15, 2012, at 4:02 AM, ianG wrote:

> Yep, that's the sort of info I was after - non-sticker price costs :) OK, 
> several to six months FTE or mm.  That feels about right.
> 
> I'm not sure about the outsourcing bit.  What does it mean to preserve your 
> secrets in a HSM and then hand the HSM over to the care of someone else... ?  
> I'm not ruling it out, it's just that we seem to have a strange confluence of 
> contrary objectives :)

Different model than you suggest - they own the CA (we never handle the HSM or 
CA keys).  They delegate registration authority to us, so we approve requests 
and they issue the certificate (with a similar model for revocations). 

Obviously that's a very simple explanation of a complicated set of agreements.

It makes sense for us because we are well situated to vet our users, hosts and 
services but not well situated to run a CA.

And yes, the trade-off is if the relationship falls apart, we build a new PKI 
since we don't own the CA.

Von

> 
> iang
> 
> 
> On 11/04/12 00:12 AM, Von Welch wrote:
>> Ian,
>> 
>>  I've led or been involved with several projects in academia that have used 
>> HSMs as a basis for a CA. I can't say I've done a cost analysis at the level 
>> of granularity you seem to be looking for, but I will say that at a 
>> high-level, the added personnel costs of integrating and maintaining an HSM 
>> have been the dominant factor in my experience.
>> 
>>  I estimate several-to-six (depending on the experience of the staff) 
>> additional FTE*months to understand the HSM (documentation always seems 
>> lacking) and get it working with our security libraries (OpenSSL typically). 
>> Maintenance is painful for a one-off since the HSM is this completely unique 
>> hardware and software system sitting in one's infrastructure, so that is a 
>> significant fraction of a person plus a small fraction of a second for 
>> backup (vacations, continuity, etc.).
>> 
>>  We did a second site redundant HSM-based CA once and it was a lengthy 
>> process mainly due to the staff there having to come up to speed on the HSM, 
>> again several FTE*months.
>> 
>>  I try to avoid this now and in my most recent project we're outsourcing 
>> this to a commercial vendor and it's my expectation the initial legal/policy 
>> issues with that route will be less painful than the HSM technical issues 
>> and then maintenance will be simpler.
>> 
>> Von
>> 
>> 
>> 
>> On Apr 10, 2012, at 2:26 AM, ianG wrote:
>> 
>>> Does anyone have any estimates for the project cost of employing HSMs at a 
>>> single task?  (e.g., protecting / deploying a single secret, not a network 
>>> of them.)
>>> 
>>> I'm not looking for sticker prices but project costings, including: spare 
>>> devices, programming, work-throughs and transfers, documentation, testing 
>>> recovery paths, training, maintenance contracts, upgrades, etc.
>>> 
>>> In comparison to the null project, not using them (e.g., using straight 
>>> servers in locked racks etc).
>>> 
>>> tia,
>>> 
>>> iang
>>> _______________________________________________
>>> cryptography mailing list
>>> [email protected]
>>> http://lists.randombit.net/mailman/listinfo/cryptography
>> 
> 
