md-distro - Re: [md-distro] Last actions
Subject: Metadata Distribution Subcommittee of TAC
- From: Tom Scavo
- Subject: Re: [md-distro] Last actions
- Date: Thu, 9 Jan 2014 16:44:31 -0500
On Thu, Jan 9, 2014 at 4:13 PM, Joe St Sauver wrote:
>
> #See Section 16.6 of the Certificate and Browser Forum Baseline Requirements
> #at https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf
Since this is from the Browser Forum, I assume it regards private keys
used for signing TLS certificates. This may or may not be relevant to
InCommon's metadata signing key; I don't know.
> #For devices certified for FIPS 140 at level 3, check out
> # http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm and
> #then search that web page for the appropriate level
> #
> #For Common Criteria EAL 4 or higher, start with
> # http://www.commoncriteriaportal.org/products/
>
> Are folks thinking of similar requirements in this context?
I know very little about this stuff so I've recommended we farm out
the HSM landscape study to a trusted 3rd party, that is, hire an
expert to advise us how to proceed. For example, when I was at NCSA,
the Cybersecurity Division surveyed the HSM market and recommended a
solution to TeraGrid, which was in the process of deploying a
production MyProxy CA instance.
> #Those who are interested in key management may wish to note:
> #
> # Cryptographic Key Management Workshop 2014
> # http://www.nist.gov/itl/csd/ct/ckm_workshop2014.cfm
> # March 4-5, 2014, NIST, Gaithersburg MD
> #
> #See also:
> #
> # SP 800-152
> # DRAFT A Profile for U. S. Federal Cryptographic Key Management Systems (CKMS)
> # http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-152
> # Released 7 Jan 2014, comments due by March 5, 2014
>
> FWIW, I'd also note that if HSMs are going to be part of the equation, we
> have the ability to offer the SafeNet LUNA HSMs through the multifactor
> program agreement with SafeNet, but not at much of a discount from list
> prices.
I'd be surprised if the community review *doesn't* recommend an HSM,
but in any case, others will be making recommendations to us, not the
other way around (or at least that's how I understand this will work
out).
Tom