Hi Von,

I'll take this off list coz it's pure business rather than crypto.


On 16/04/12 23:55 PM, Von Welch wrote:

On Apr 15, 2012, at 4:02 AM, ianG wrote:

Yep, that's the sort of info I was after - non-sticker price costs :) OK, 
several to six months FTE or mm.  That feels about right.

I'm not sure about the outsourcing bit.  What does it mean to preserve your 
secrets in a HSM and then hand the HSM over to the care of someone else... ?  
I'm not ruling it out, it's just that we seem to have a strange confluence of 
contrary objectives :)

Different model than you suggest - they own the CA (we never handle the HSM or 
CA keys).  They delegate registration authority to us, so we approve requests 
and they issue the certificate (with a similar model for revocations).


Ah! That makes sense. What my brain refused to see was that this was a straight CA.

Obviously that's a very simple explanation of a complicated set of agreements.

It makes sense for us because we are well situated to vet our users, hosts and 
services but not well situated to run a CA.

And yes, the trade off is if the relationship falls apart, we build a new PKI 
since we don't own the CA.


Yup, but that all depends on what point you start from. If your starting point is that you want to improve on the security provided by external, commercial CAs, then this is better than the straight offering.

If on the other hand you want to improve your internal security up to some mandated standard, then you might have an issue. For most all businesses this would be OK I think. Where it would become a nuisance would be things like national security. It would be interesting to see how they handle the audit. "We have a contract with a commercial organisation promising not to roll us over..."



iang


Von


iang


On 11/04/12 00:12 AM, Von Welch wrote:
Ian,

  I've led or been involved with several projects in academia that have used 
HSMs as a basis for a CA. I can't say I've done a cost analysis at the level of 
granularity you seem to be looking for, but I will say that at a high-level, 
the added personnel costs of integrating and maintaining an HSM have been the 
dominant factor in my experience.

  I estimate several-to-six (depending on the experience of the staff) 
additional FTE*months to understand the HSM (documentation always seems 
lacking) and get it working with our security libraries (OpenSSL typically). 
Maintenance is painful for a one-off since the HSM is this completely unique 
hardware and software system sitting in one's infrastructure, so that is a 
significant fraction of a person plus a small fraction of a second for backup 
(vacations, continuity, etc.).

  We did a second site redundant HSM-based CA once and it was a lengthy process 
mainly due to the staff there having to come up to speed on the HSM, again 
several FTE*months.

  I try to avoid this now and in my most recent project we're outsourcing this 
to a commercial vendor and it's my expectation the initial legal/policy issues 
with that route will be less painful than the HSM technical issues and then 
maintenance will be simpler.

Von



On Apr 10, 2012, at 2:26 AM, ianG wrote:

Does anyone have any estimates for the project cost of employing HSMs at a 
single task?  (e.g., protecting / deploying a single secret, not a network of 
them.)

I'm not looking for sticker prices but project costings, including: spare 
devices, programming, work-throughs and transfers, documentation, testing 
recovery paths, training, maintenance contracts, upgrades, etc.

In comparison to the null project, not using them (e.g., using straight servers 
in locked racks etc).

tia,

iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography



