<tt><font size=2>Rickard Bellgrim <rickard.bellgrim@iis.se> wrote
on 11/24/2009 08:54:22 AM:<br>
<br>
> > By default, no. Default should be to have it not exportable.
Flipping</font></tt>
<br><tt><font size=2>> > the 'exportable bit' must also be a one
way function. You can switch</font></tt>
<br><tt><font size=2>> > from exportable to not exportable, but not
from not-exportable to</font></tt>
<br><tt><font size=2>> > exportable.</font></tt>
<br><tt><font size=2>> </font></tt>
<br><tt><font size=2>> Yeah. This is something that can only be done
when you are creating <br>
> the key (setting the key to extractable).</font></tt>
<br>
<br><tt><font size=2>Cool!</font></tt>
<br>
<br><tt><font size=2>> > In general, keys only need to be exportable
when an HSM roll is due. By</font></tt>
<br><tt><font size=2>> > that time, a key can be generated that is
exportable.</font></tt>
<br><tt><font size=2>> > </font></tt>
<br><tt><font size=2>> > > Just want to discuss this topic, so
that we do not lock the user</font></tt>
<br><tt><font size=2>> > > down. Or is it better to protect against
a potential threat of</font></tt>
<br><tt><font size=2>> > leaking keys?</font></tt>
<br><tt><font size=2>> > </font></tt>
<br><tt><font size=2>> > IMHO it is not a mutual exclusive choice.
We need to protect against a</font></tt>
<br><tt><font size=2>> > potential threat of leaking keys all the
time, but only enable the user</font></tt>
<br><tt><font size=2>> > to export the key as an explicit conscious
choice.</font></tt>
<br><tt><font size=2>> </font></tt>
<br><tt><font size=2>> Ok, sounds like a feature for version 2.0. The
HSMs are probably not<br>
> going to be rolled in this time frame.</font></tt>
<br>
<br><tt><font size=2>As for replication of the keystore (backup, fallback,
failover purposes), some HSMs have functionality for that, independent
of applications that are using the HSM. (as an example, 'scamgr backup'
provides this for Sun's SCA6000).</font></tt>
<br>
<br><tt><font size=2>As for rolling to a new HSM, that can be done without
exporting keys, by aligning a key-roll with hsm-roll.</font></tt>
<br>
<br><tt><font size=2>So, I concur. This feature is not needed for version
1.0, but lets make sure that by default, the keys that are generated are
not exportable.</font></tt>
<br>
<br><tt><font size=2>Thanks,</font></tt>
<br>
<br><tt><font size=2>Roy</font></tt>
<br>
<br>