On Wed Oct 08 17:28:04 2014, pspacek@redhat.com wrote:
> I don't want to be bold but... aren't we spending too much time on
> such a minor thing?

=> I was doing something else at the same time...

> I'm not an SoftHSM expert but I have to ask:
> 
> Are you talking about SoftHSM v2?

=> SoftHSMv1 (I finished to learn to use 1234
without exception :-).

> Looking at
> src/lib/data_mgr/SecureDataManager.cpp it seems that all values with
> CKA_PRIVATE = TRUE are encrypted with key which is derived from PIN.

=> yes, SoftHSMv2 is better for this.

> I'm aware of that. Customers who want real security are encouraged to
> buy real HSM but SoftHSM is good enough for those who do not care.

=> if they don't care why they don't use plain OpenSSL and
put the private key on an USB key kept in a safe? It is cheaper
(and IMHO more secure) than a HSM if you believe only the KSK
must be really protected. Of course this needs first a security
analysis but:
 1- I repeat myself
 2- nobody as far as I know began by a security analysis. oops!

> SoftHSM should not be worse than keys stored in plaintext on disk,
> right?

=> yes but if you have no plan to switch to a real HSM
this is over (under?) killing.

BTW look at the way .SE is managed: the only device is
a physical RNG. Cheap, efficient, and designed before
ICANN emits recommendations/rules/etc.