[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: securing FAS certs



On Fri, 22 Aug 2008, David Lutterkort wrote:

> On Thu, 2008-08-21 at 14:18 -0500, Jeffrey Ollie wrote:
> > What about using a crypto card like Jesse plans on using for Sigul?
>
> I wonder if a TPM can be (ab)used for this, too; they are pretty common
> on newer hardware, and store a key in HW that can not be extracted.
>
> Not sure though if anybody has looked at using it to sign SSL certs, and
> especially at keeping logs of what was signed in a way that makes it
> impossible to tamper with those logs, e.g. to hide the signing of some
> certs.
>

Possibly.  I was looking earlier too for something like ssh-agent or gpg
agent to serve this purpose...  Haven't seen anything.  Which.. well
strikes me as strange.  It'd be a software way to do what we're talking
about.

	-Mike


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]