|
|
|
|
|
|
by j_s
3156 days ago
|
|
|
Are we in agreement that no HSM can completely protect against scenario 1? (If I can't verify the key [varying degrees of "hard" when connecting across the internet], it can be replaced.) [edited] That is why I don't see this as relevant, it is outside the threat model any HSM attempts to protect against. More mitigation is possible than the YubiHSM provides, using a display/inputs on the HSM itself to verify keys and choose/confirm operations. I appreciate your patience in carefully explaining your perspective, and this issue is definitely something to keep in mind in general. |
|
|
I agree completely. It's just something to keep in mind.