by danpalmer 1344 days ago
Isn't the normal practice here to provide a key use transparency log?

HSMs can produce a log every time the key is used, and as long as you trust the hardware to be doing the right thing (if you don't you've got bigger problems) the log should be verifiable so you know if there's a missing entry.

Cloud provider has the key, but gives you verifiable logs of it being used so you can catch them if they're doing the wrong thing.
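
Added example, not part of the original comment and not any vendor's log format: a hash-chained, counter-stamped key-use log and the customer-side check that reveals a missing, truncated or altered entry. The field names, the HMAC standing in for the HSM's signature, and the out-of-band attested counter are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a shared demo key stands in for the HSM's log-signing key; a real
# HSM would sign with an asymmetric key whose public half the customer holds.
AUDIT_KEY = b"constructed-demo-audit-key"
GENESIS = "0" * 64


def _digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def _tag(body):
    return hmac.new(AUDIT_KEY, _digest(body).encode(), hashlib.sha256).hexdigest()


def append_entry(log, operation, caller):
    """HSM side: every key use gets a counter, a link to the previous entry, a tag."""
    body = {"counter": len(log) + 1, "operation": operation, "caller": caller,
            "prev": _digest(log[-1]) if log else GENESIS}
    log.append({**body, "tag": _tag(body)})


def verify_log(log, attested_counter):
    """Customer side: return a list of problems; empty means nothing is missing."""
    problems, prev, expected = [], GENESIS, 1
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "tag"}
        if not hmac.compare_digest(_tag(body), entry.get("tag", "")):
            problems.append(f"entry {entry['counter']}: bad tag")
        if entry["counter"] != expected:
            problems.append(f"expected counter {expected}, got {entry['counter']}")
        if entry["prev"] != prev:
            problems.append(f"entry {entry['counter']}: broken hash link")
        prev, expected = _digest(entry), entry["counter"] + 1
    # The HSM's current counter (obtained out of band) exposes a truncated tail.
    if expected - 1 != attested_counter:
        problems.append(f"log ends at {expected - 1}, HSM attests {attested_counter}")
    return problems


def sample_log():  # constructed sample: four uses of one key
    log = []
    for op, caller in [("sign", "svc-a"), ("decrypt", "svc-b"),
                       ("decrypt", "operator"), ("sign", "svc-a")]:
        append_entry(log, op, caller)
    return log
```

Dropping an entry from the middle breaks both the counter sequence and the hash link, while dropping the most recent entries is only visible against the counter value the hardware itself attests.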