Date: Sat, 19 Mar 2016 13:53:56 -0400
Subject: LURK as interface to HSM
From: Phillip Hallam-Baker <ph...@hallambaker.com>
To: Randy Bush <ra...@psg.com>

Randy,

This is my proposal for LURK

https://tools.ietf.org/html/draft-hallambaker-lurk-00

The reason I think it is relevant to your HSM work is that it is essentially a standardized remote API for an HSM. I will be putting the code up on github 'soon'.

Stephen Farrell's LURK vision seems to be that the TLS server is talking to some service in the cloud. I suspect that is the wrong model and what is really wanted here is a deployment model where I can buy an HSM box of my choice, configure it to bind it to my trust nexus and then ship it off to the Content Delivery Network to sit in the same data center as my server.

Which is a proposal I have wanted for a long time but wasn't feasible without a suitable HSM device. This is a model that could establish the demand necessary for production.

Alternatively, I want to be using a similar model for code signing. Selling an HSM to keep the code signing keys safe is essentially the 'do you want fries with that' upsell for code signing certificates.

_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech