[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: securing FAS certs



Mike McGrath wrote:
On Thu, 21 Aug 2008, Ricky Zhou wrote:

On 2008-08-21 02:21:34 PM, Mike McGrath wrote:
I've never actually used a crypto card... Do they add additional security
if they're sitting in a colo always plugged in?  If so how do they do
that?
I might be wrong, but I think with such a card, encryption/signing takes
place entirely on the card, and thus the secret key is never transferred
anywhere off the card.


Ah, so the theory being that if someone happens to hit us, they're only
hitting us for as long as the machine is up / card is in.  And I assume
the card actually tracks serial numbers and things so we can revoke
anything that was signed in a questionable time?

That seems like it would work well. Jesse's been having troubles obtaining the card he wants, though (and his is a gpg card, not for ssl certificates).

the big thing might be having open source drivers.

-Toshio

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]