Hi Von,
I'll take this off list coz it's pure business rather than crypto.

On 16/04/12 23:55 PM, Von Welch wrote:
> On Apr 15, 2012, at 4:02 AM, ianG wrote:
>> Yep, that's the sort of info I was after - non-sticker price costs :) OK,
>> several to six months FTE or mm. That feels about right.
>>
>> I'm not sure about the outsourcing bit. What does it mean to preserve your
>> secrets in a HSM and then hand the HSM over to the care of someone else... ?
>> I'm not ruling it out, it's just that we seem to have a strange confluence of
>> contrary objectives :)
>
> Different model than you suggest - they own the CA (we never handle the HSM or
> CA keys). They delegate registration authority to us, so we approve requests
> and they issue the certificate (with a similar model for revocations).

Ah! That makes sense. What my brain refused to see was that this was a
straight CA.

> Obviously that's a very simple explanation of a complicated set of agreements.
> It makes sense for us because we are well situated to vet our users, hosts and
> services but not well situated to run a CA.
>
> And yes, the trade off is if the relationship falls apart, we build a new PKI
> since we don't own the CA.

Yup, but that all depends on what point you start from. If your
starting point is that you want to improve on the security provided by
external, commercial CAs, then this is better than the straight offering.
If on the other hand you want to improve your internal security up to
some mandated standard, then you might have an issue. For most all
businesses this would be OK I think. Where it would become a nuisance
would be things like national security. It would be interesting to see
how they handle the audit. "We have a contract with a commercial
organisation promising not to roll us over..."

iang

> Von
>
>> iang
>>
>> On 11/04/12 00:12 AM, Von Welch wrote:
>>> Ian,
>>>
>>> I've led or been involved with several projects in academia that have used
>>> HSMs as a basis for a CA. I can't say I've done a cost analysis at the level of
>>> granularity you seem to be looking for, but I will say that at a high-level,
>>> the added personnel costs of integrating and maintaining an HSM have been the
>>> dominant factor in my experience.
>>>
>>> I estimate several-to-six (depending on the experience of the staff)
>>> additional FTE*months to understand the HSM (documentation always seems
>>> lacking) and get it working with our security libraries (OpenSSL typically).
>>> Maintenance is painful for a one-off since the HSM is this completely unique
>>> hardware and software system sitting in one's infrastructure, so that is a
>>> significant fraction of a person plus a small fraction of a second for backup
>>> (vacations, continuity, etc.).
>>>
>>> We did a second site redundant HSM-based CA once and it was a lengthy process
>>> mainly due to the staff there having to come up to speed on the HSM, again
>>> several FTE*months.
>>>
>>> I try to avoid this now and in my most recent project we're outsourcing this
>>> to a commercial vendor and it's my expectation the initial legal/policy issues
>>> with that route will be less painful than the HSM technical issues and then
>>> maintenance will be simpler.
>>>
>>> Von
>>>
>>> On Apr 10, 2012, at 2:26 AM, ianG wrote:
>>>> Does anyone have any estimates for the project cost of employing HSMs at a
>>>> single task? (e.g., protecting / deploying a single secret, not a network of
>>>> them.)
>>>>
>>>> I'm not looking for sticker prices but project costings, including: spare
>>>> devices, programming, work-throughs and transfers, documentation, testing
>>>> recovery paths, training, maintenance contracts, upgrades, etc.
>>>>
>>>> In comparison to the null project, not using them (e.g., using straight servers
>>>> in locked racks etc).
>>>>
>>>> tia,
>>>> iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography