[dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?
richard.lamb at icann.org
Tue Oct 16 18:35:45 UTC 2012
That's why my reference to "pomp and circumstance". In the TPM/TCG spec, migration uses its own separate authentication key. Just M-of-N this with a large N and it becomes harder to pull this off. I am no expert so this may be wrong but I imagine (hope) the TCG folk are.
From: Daniel Kalchev [mailto:daniel at digsys.bg]
Sent: Tuesday, October 16, 2012 12:00 PM
To: Richard Lamb
Cc: George Michaelson; dns-operations at mail.dns-oarc.net
Subject: Re: [dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?
On Oct 15, 2012, at 12:41 AM, Richard Lamb <richard.lamb at icann.org> wrote:
> Why not the tpm migration method? I.e.
> The receiving hsm produces the public half of a master storage key.
> Then the starting hsm "authorizes" the key for use for exporting with
> pomp and circumstance ;-)
> Then the starting hsm encrypts its keys with this key (rsa) for transfer to the receiving hsm.
> Receiving hsm unwraps the key using its private key.
Problem with this migration method is that the sending HSM has to trust the transport keys it receives. It could very easily be tricked to export its keys to any party who provides transport keys.
This possibility makes the "secure" aspect of the HSM irrelevant and the thing just a piece of hardware to show people and claim "we are secure, as we paid this bunch of money".
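The trust problem discussed in this thread, as an added example that is not part of either message and is not the TCG migration protocol: a sending HSM that wraps for any transport key presented, next to one that first requires M-of-N custodian approvals bound to the fingerprint of that specific transport key. The custodian names, secrets, key bytes and function names are constructed for illustration, and HMAC stands in for whatever authentication key a real device uses to authorize migration.

```python
import hashlib
import hmac

# Constructed custodian keys: N = 5 holders of the export-authorization role.
CUSTODIANS = {f"custodian{i}": f"constructed-secret-{i}".encode() for i in range(1, 6)}
QUORUM = 3  # M: approvals required before any key leaves the sending HSM


def _tag(secret: bytes, transport_pub: bytes) -> bytes:
    # The approval is bound to the fingerprint of one specific transport key.
    fp = hashlib.sha256(transport_pub).digest()
    return hmac.new(secret, b"authorize-export:" + fp, hashlib.sha256).digest()


def approve(custodian: str, transport_pub: bytes) -> bytes:
    """A custodian authorizes export to exactly this transport key."""
    return _tag(CUSTODIANS[custodian], transport_pub)


def valid_approvers(transport_pub: bytes, approvals: dict) -> set:
    """Names of known custodians whose approval verifies for this key."""
    ok = set()
    for name, tag in approvals.items():
        secret = CUSTODIANS.get(name)
        if secret and hmac.compare_digest(_tag(secret, transport_pub), tag):
            ok.add(name)
    return ok


def export_naive(transport_pub: bytes) -> bool:
    # The flaw raised in the thread: wrap for any transport key presented.
    return True


def export_with_quorum(transport_pub: bytes, approvals: dict) -> bool:
    # Wrap only if M distinct custodians approved this exact transport key.
    return len(valid_approvers(transport_pub, approvals)) >= QUORUM


if __name__ == "__main__":
    real, rogue = b"constructed-receiving-hsm-pubkey", b"constructed-rogue-pubkey"
    sigs = {c: approve(c, real) for c in ("custodian1", "custodian2", "custodian4")}
    print(export_naive(rogue), export_with_quorum(real, sigs), export_with_quorum(rogue, sigs))
```

Because each approval covers the transport key's fingerprint, approvals collected for the intended receiving HSM do not verify when replayed alongside a substituted key.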