On Thu, Oct 17, 2013 at 6:04 AM, Gervase Markham wrote:
> On 17/10/13 00:07, Phillip Hallam-Baker wrote:
> > Each HSM vendor has their own security controls but a FIPS140 level 4
> > device won't release them except to another FIPS-140 device. There is no
> > way to extract the key from the syste
On 10/17/2013 1:04 PM, Gervase Markham wrote:
On 17/10/13 00:07, Phillip Hallam-Baker wrote:
Each HSM vendor has their own security controls but a FIPS140 level 4
device won't release them except to another FIPS-140 device. There is no
way to extract the key from the system unencrypted.
Phil: w
On 17/10/13 00:07, Phillip Hallam-Baker wrote:
> Each HSM vendor has their own security controls but a FIPS140 level 4
> device won't release them except to another FIPS-140 device. There is no
> way to extract the key from the system unencrypted.
Phil: what prevents a government just turning up w
Where exactly am I speculating?
Am 17.10.2013 um 01:07 schrieb Phillip Hallam-Baker :
> On Wed, Oct 16, 2013 at 5:26 PM, Oliver Loch wrote:
>
>> Hi,
>>
>> these devices are nothing else than a modified server that runs some
>> special OS or services on them. The keys are stored inside and can
On Wed, Oct 16, 2013 at 5:26 PM, Oliver Loch wrote:
> Hi,
>
> these devices are nothing else than a modified server that runs some
> special OS or services on them. The keys are stored inside and can be
> transferred for backup- or clustering reasons. So there are at least two
> ways to get your
Hi,
these devices are nothing else than a modified server that runs some special OS
or services on them. The keys are stored inside and can be transferred for
backup- or clustering reasons. So there are at least two ways to get your
fingers on those keys. Even if they are still encrypted. The p
On 15/10/13 16:00, Oliver Loch wrote:
> Based on the sentences people are facing - if they start talking to
> the public - it's really possible that the hand full of people that
> know that their company handed out the root cert's private key are
> keeping their mouth shut.
It's not like the root
Hi,
Am 15.10.2013 um 15:42 schrieb Jan Schejbal :
> Hi,
> what I found interesting is that the leaks showed that the NSA attempts
> to obtain the private keys for the real certificates. This means they
> probably don't really like to use CA-signed separate certificates. I
> think there are severa
Hi,
Am 15.10.2013 um 16:46 schrieb Phillip Hallam-Baker :
>
>
>
> On Tue, Oct 15, 2013 at 6:59 AM, Oliver Loch wrote:
> Hi,
>
> as we all know from the NSA disclosures of Edward Snowden, the NSA is
> collecting data and has access to any data that is available in the USA.
> We've also lear
On Tue, Oct 15, 2013 at 6:59 AM, Oliver Loch wrote:
> Hi,
>
> as we all know from the NSA disclosures of Edward Snowden, the NSA is
> collecting data and has access to any data that is available in the USA.
> We've also learned that companies which are located on USA soil, must hand
> the NSA and
Hi,
what I found interesting is that the leaks showed that the NSA attempts
to obtain the private keys for the real certificates. This means they
probably don't really like to use CA-signed separate certificates. I
think there are several reasons for that:
- Using a different certificate can be d
Indeed we must be aware that USA based companies can easily pressed to handover
data, including CA's. This also for stored data in an other countries by USA
companies, like Ireland etc.
It is really a concern including expected backdoors in all kind of USA based
software/firmware, even softw
Hi,
as we all know from the NSA disclosures of Edward Snowden, the NSA is
collecting data and has access to any data that is available in the USA. We've
also learned that companies which are located on USA soil, must hand the NSA
and other governmental institutions any requested data available.
13 matches
Mail list logo
