On 2016-03-19 20:24, Leif Johansson wrote:
> On 2016-03-19 20:07, Randy Bush wrote:
>> Date: Sat, 19 Mar 2016 13:53:56 -0400
>> Subject: LURK as interface to HSM
>> From: Phillip Hallam-Baker <ph...@hallambaker.com>
>> To: Randy Bush <ra...@psg.com>
>>
>> Randy,
>>
>> This is my proposal for LURK
>>
>> https://tools.ietf.org/html/draft-hallambaker-lurk-00
>
> I guess it's conceptually not too far from the p11 proxy we're using over
> here @ sunet: https://github.com/leifj/pyeleven as a way to
> isolate the circus that is pkcs11 from applications.
>

Except for the fact that Phil has actually worked out the details... I just
send stuff for signature down the pipe

> Cheers Leif
>
>>
>> The reason I think it is relevant to your HSM work is that it is
>> essentially a standardized remote API for a HSM.
>>
>> I will be putting the code up on github 'soon'.
>>
>> Stephen Farrell's LURK vision seems to be that the TLS server is
>> talking to some service in the cloud. I suspect that is the wrong
>> model and what is really wanted here is a deployment model where I can
>> buy a HSM box of my choice, configure it to bind it to my trust nexus
>> and then ship it off to the Content Delivery Network to sit in the
>> same data center as my server.
>>
>> Which is a proposal I have wanted for a long time but wasn't feasible
>> without a suitable HSM device. This is a model that could establish
>> the demand necessary for production.
>>
>> Alternatively, I want to be using a similar model for code signing.
>> Selling a HSM to keep the code signing keys safe is essentially the
>> 'do you want fries with that' upsell for code signing certificates.
>> _______________________________________________
>> Tech mailing list
>> Tech@cryptech.is
>> https://lists.cryptech.is/listinfo/tech