Some ideas, but I have no idea how to solve them in a cost-saving way that is compatible with servers in a data center:
Having an HSM or Secure Element store the OIDplus System key material ...
Sign all OIDs, log entries, etc.
... should we let the server sign it using an HSM / SE?
... or should we let the operator sign it? (With a SmartCard, maybe a special JavaCard application?)
... or maybe both (SmartCard signature for manually assigned OIDs, and server signature for automatically generated OIDs, e.g. FreeOID service)
Use external logging servers? Aliyun?
Give owners of OIDs a certificate from the superior RA? Making something like DNSSEC. Maybe build upon OID Resolution System (ORS)? (Can we implement ORS in any way?)
But how can we add an HSM to a server in a data center? CloudHSM seems to be expensive. Things like German TSE would be perfect, although I'd prefer if they were a real WORM storage, or some product by Swissbit (iShield?). But we cannot plug in an HSM in a data center if we don't have access to the server.
So many ideas...