O.k., back to some whys. So misuse-resistant cryptography is taking off. Great time to surf the wave. But there's more coming! Securing data against post-quantum threats is going to keep us all busy for the next 10 years minimum.
Multi-tweet answer! First: in general, the HSM trust model is that you trust the HSM manufacturer. There's attestation and an audit log, so every action is visible to you. If AWS were to access it, it'd be in the log.
Secondly, HSMs are a defense against key theft and long-term impersonation, but not misuse. For example, if your host accessing the HSM is compromised, an attacker can still use your key. Your security model always needs a revocation or recovery strategy for that case.
AWS has the scale to make some seriously big investments in physical security: chain of custody from time of manufacture, well-guarded data centers, proactive penetration tests, etc., as well as the resources to make provisioning quick and easy. So much easier than DIY.
https://docs.aws.amazon.com/cloudhsm/latest/userguide/get-audit-logs-from-cloudwatch.html, https://docs.aws.amazon.com/cloudhsm/latest/userguide/interpreting-audit-logs.html, https://docs.aws.amazon.com/cloudhsm/latest/userguide/cloudhsm-audit-log-reference.html It's pretty detailed logging.