On Apr 15, 2012, at 4:02 AM, ianG wrote:

> Yep, that's the sort of info I was after - non-sticker price costs :) OK,
> several to six months FTE or mm. That feels about right.
>
> I'm not sure about the outsourcing bit. What does it mean to preserve your
> secrets in a HSM and then hand the HSM over to the care of someone else... ?
> I'm not ruling it out, it's just that we seem to have a strange confluence of
> contrary objectives :)

Different model than you suggest - they own the CA (we never handle the HSM or CA keys). They delegate registration authority to us, so we approve requests and they issue the certificate (with a similar model for revocations). Obviously that's a very simple explanation of a complicated set of agreements. It makes sense for us because we are well situated to vet our users, hosts and services but not well situated to run a CA. And yes, the trade-off is if the relationship falls apart, we build a new PKI since we don't own the CA.

Von

>
> iang
>
>
> On 11/04/12 00:12 AM, Von Welch wrote:
>> Ian,
>>
>> I've led or been involved with several projects in academia that have used
>> HSMs as a basis for a CA. I can't say I've done a cost analysis at the level
>> of granularity you seem to be looking for, but I will say that at a
>> high-level, the added personnel costs of integrating and maintaining an HSM
>> have been the dominant factor in my experience.
>>
>> I estimate several-to-six (depending on the experience of the staff)
>> additional FTE*months to understand the HSM (documentation always seems
>> lacking) and get it working with our security libraries (OpenSSL typically).
>> Maintenance is painful for a one-off since the HSM is this completely unique
>> hardware and software system sitting in one's infrastructure, so that is a
>> significant fraction of a person plus a small fraction of a second for
>> backup (vacations, continuity, etc.).
>>
>> We did a second site redundant HSM-based CA once and it was a lengthy
>> process mainly due to the staff there having to come up to speed on the HSM,
>> again several FTE*months.
>>
>> I try to avoid this now and in my most recent project we're outsourcing
>> this to a commercial vendor and it's my expectation the initial legal/policy
>> issues with that route will be less painful than the HSM technical issues
>> and then maintenance will be simpler.
>>
>> Von
>>
>>
>>
>> On Apr 10, 2012, at 2:26 AM, ianG wrote:
>>
>>> Does anyone have any estimates for the project cost of employing HSMs at a
>>> single task? (e.g., protecting / deploying a single secret, not a network
>>> of them.)
>>>
>>> I'm not looking for sticker prices but project costings, including: spare
>>> devices, programming, work-throughs and transfers, documentation, testing
>>> recovery paths, training, maintenance contracts, upgrades, etc.
>>>
>>> In comparison to the null project, not using them (e.g., using straight
>>> servers in locked racks etc).
>>>
>>> tia,
>>>
>>> iang
>>> _______________________________________________
>>> cryptography mailing list
>>> [email protected]
>>> http://lists.randombit.net/mailman/listinfo/cryptography
