At 09:09 PM 6/2/2009, Mark Andrews wrote:
> HSM's are better than just having the private component of a public key sitting on a disk somewhere but in most operational environments they don't add that much more security to the process.
It depends on the HSM. For example, there are HSMs that allow you to program just about any policy you want - including the requirement to have at least N people agree that something needs to be signed. The size of "N" is chosen to balance need for accountability with that of usefulness. I.e. requiring 20 people to turn the keys to get something signed is probably not useful. Permitting 1 person to sign without further oversight is probably not enough accountability.

So saying they don't add much more security is really a statement that might be correct under really bad management practices, but mostly isn't.

For example, even a simple version of keeping the set of HSM PIN holders distinct from the set of people allowed to physically access the HSM for signing provides a substantial amount of operational security.
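The two controls discussed above (an N-of-M approval quorum and keeping PIN holders separate from the people with physical access) can be modelled in a few lines. This is an added illustration, not code from the thread or from any HSM product; the class and role names are hypothetical, and the digest stands in for the private-key operation a real HSM would perform in hardware.

```python
"""Model of an HSM signing policy: N-of-M approval plus separation of duties."""
from dataclasses import dataclass
import hashlib


class PolicyViolation(Exception):
    """Raised when a signing request does not satisfy the configured policy."""


@dataclass
class SigningPolicy:
    pin_holders: frozenset   # people who may approve a signing request
    operators: frozenset     # people allowed physical access to run the signing
    quorum: int              # N: minimum number of distinct approvals required

    def __post_init__(self):
        # Separation of duties: nobody may be both an approver and an operator.
        overlap = self.pin_holders & self.operators
        if overlap:
            raise ValueError(f"roles overlap: {sorted(overlap)}")
        if not 1 <= self.quorum <= len(self.pin_holders):
            raise ValueError("quorum must be between 1 and the number of PIN holders")

    def sign(self, operator: str, approvals, payload: bytes) -> str:
        """Return a signature-like digest if the request passes policy."""
        if operator not in self.operators:
            raise PolicyViolation(f"{operator} has no physical access to the HSM")
        # A person approving twice still counts once; only PIN holders count at all.
        valid = {a for a in approvals if a in self.pin_holders}
        if len(valid) < self.quorum:
            raise PolicyViolation(f"need {self.quorum} approvals, got {len(valid)}")
        # Stand-in for the HSM's private-key operation (hypothetical): a digest over
        # the payload and the approving quorum, so the record shows who authorised it.
        record = payload + b"|" + ",".join(sorted(valid)).encode()
        return hashlib.sha256(record).hexdigest()


if __name__ == "__main__":
    # Constructed sample: three PIN holders, one operator, two approvals needed.
    policy = SigningPolicy(frozenset({"alice", "bob", "carol"}), frozenset({"dave"}), 2)
    print(policy.sign("dave", ["alice", "bob"], b"example zone data"))
```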
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf