Mike,
SafeNet is working with IBM to come up with a FIPS 140 level 4 HSM. I don't know what the current state of development is, but do you think it's worth asking them if they could incorporate a trusted path authentication that has a bit more flexibility? The worst thing that could happen is they say no.
Thanks,
Al
On 10/2/14, 2:06 PM, "Michael StJohns" <msj@nthpermutation.com> wrote:
On 10/2/2014 1:42 PM, Bolivar, Al wrote:
I would like to add that I support the addition of another vendor. Tomofumi and I spoke to another vendor about introducing a competing FIPS 140-2 level 4 HSM. In my opinion having other choices will be positive.
Thanks,
Al
One of my pet peeves with the HSM vendors is that none of them provide more than rudimentary policy controls on the use of keys. I keep waiting for someone to make an HSM that implements either the Javacard Connected standards or something similar so I can define a programmatic policy wrapper more comprehensive than "I need a PIN to use it", "I need two PINs to use it", "I need a smart card to use it", etc. I can do this on a smart card; why is it so hard to do it on a big iron HSM?
Mike
_______________________________________________
ksk-rollover mailing list
ksk-rollover@icann.org
https://mm.icann.org/mailman/listinfo/ksk-rollover