[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: securing FAS certs



On Thu, 2008-08-21 at 14:18 -0500, Jeffrey Ollie wrote:
> What about using a crypto card like Jesse plans on using for Sigul?

I wonder if a TPM can be (ab)used for this, too; they are pretty common
on newer hardware, and store a key in HW that can not be extracted. 

Not sure though if anybody has looked at using it to sign SSL certs, and
especially at keeping logs of what was signed in a way that makes it
impossible to tamper with those logs, e.g. to hide the signing of some
certs.

David



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]