W3C home > Mailing lists > Public > public-identity@w3.org > November 2011

Re: Crypto HW Requirements (why it is out of scope)

From: Richard L. Barnes <rbarnes@bbn.com>
Date: Wed, 23 Nov 2011 10:08:52 -0500
Cc: "public-identity@w3.org" <public-identity@w3.org>
Message-Id: <57E6B730-FEA1-4A27-891E-64F7B67781CA@bbn.com>
To: Anders Rundgren <anders.rundgren@telia.com>
Hey Anders,

Couple of observations:

> The main point with crypto hardware is strong protection of secret/private keys, right?

I don't think that's quite right.  Protection of private keys is certainly a very important function of HSMs, but they also provide validated implementations of cryptographic algorithms.  


> If an API doesn't make it possible to distinguish if keys are created in crypto hardware
> or are stored in a file on the harddisk, such an API seems fairly useless from an issuer
> perspective.
> 
> I'm pretty sure that this is addressed in the Google Wallet but this scheme is currently
> secret so I don't see how we (at this stage) could even have a meaningful dialog
> about methods and requirements regarding schemes for supporting crypto hardware.
> 
> Microsoft has also publicly demonstrated Win8/TPM and U-Prove/smart card schemes
> without disclosing any details on how keys are provisioned.

You seem to be arguing that an API needs to be able to identify whether crypto services (e.g., key storage) are provided by crypto hardware or the local host, and that there are worked examples that show this is possible.  Which seems to say that a basic level of support for crypto HW (identifying the use of crypto HW) is in scope.

--Richard
Received on Wednesday, 23 November 2011 15:10:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 23 November 2011 15:10:13 GMT