IETF Logo Mail Archive

Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dnsop-rfc4641bis-01.txt

Andrew Sullivan <ajs@shinkuro.com> Tue, 21 April 2009 15:59 UTC

Return-Path: <ajs@shinkuro.com>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 63F363A7039 for <dnsop@core3.amsl.com>; Tue, 21 Apr 2009 08:59:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.149
X-Spam-Level:
X-Spam-Status: No, score=-2.149 tagged_above=-999 required=5 tests=[AWL=0.450, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2hAjST9C4Drv for <dnsop@core3.amsl.com>; Tue, 21 Apr 2009 08:59:25 -0700 (PDT)
Received: from mail.yitter.info (mail.yitter.info [208.86.224.201]) by core3.amsl.com (Postfix) with ESMTP id B483F3A6DB4 for <dnsop@ietf.org>; Tue, 21 Apr 2009 08:59:25 -0700 (PDT)
Received: from crankycanuck.ca (CPE00212980eb9c-CM00194757af08.cpe.net.cable.rogers.com [99.249.242.212]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id C7B472FE9573 for <dnsop@ietf.org>; Tue, 21 Apr 2009 16:00:41 +0000 (UTC)
Date: Tue, 21 Apr 2009 12:00:40 -0400
From: Andrew Sullivan <ajs@shinkuro.com>
To: dnsop@ietf.org
Message-ID: <20090421160040.GD64986@shinkuro.com>
References: <20090306141501.4BA2F3A6B4B@core3.amsl.com> <49EDA81E.2000600@ca.afilias.info> <a06240805c6138a622949@[10.31.200.142]> <82iqkykq10.fsf@mid.bfk.de> <a06240807c61393343ac7@[10.31.200.142]> <20090421153213.GA7564@nic.fr> <a06240808c61397d750db@[10.31.200.142]>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <a06240808c61397d750db@[10.31.200.142]>
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dnsop-rfc4641bis-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2009 15:59:26 -0000

On Tue, Apr 21, 2009 at 11:45:18AM -0400, Edward Lewis wrote:
>
> Suppose that I tightly constrain who reads the database.  

Suppose you do.  Then you still have the problem of escalation attacks.  

HSMs are designed to make such attacks impossible: the key simply
won't come out.  That's a better answer than, "I've set it up so that
just about nobody can get to the key", since privilege escalation in
database systems is exactly the place good attackers work.  I notice
in passing that a certain large company who recently bought Sun no
longer makes "unbreakable" claims loudly and in public. 

A


-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

v2.23.0 | Report a Bug | By Email