[Owasp-leaders] PKI resources...
jim.manico at owasp.org
Wed Feb 10 20:04:35 UTC 2016
Like most cryptographers, the cryptographic cheat sheet punts on
handling key management which is why I specifically did not mention it
in answer to Miltons question. I also think the ASVS standard does
little to address HSM and key management deep or meaningful way.
So I'm back to my comment that OWASP does not have a good resource on
HSM's or key management and it's a gap I am actively working to full
with various experts.
On 2/8/16 10:55 PM, Kevin W. Wall wrote:
> The closest thing that OWASP has on this is the Cryptographic Storage
> Cheat Sheet, at:
> (shame on you for not remembering Jim! :)
> Section 7 of ASVS also covers this a bit, but not very deeply, but if
> you have not looked
> at it, it might be reviewing quickly.
> Like Mauro, I too have been involved in working with / advising enterprise PKI
> and designed and implemented a proprietary key server, so if you have specific
> questions, feel free to pass them my way and I'll try my best to answer them.
> On Mon, Feb 8, 2016 at 6:43 PM, Mauro Flores <mauro.flores at owasp.org> wrote:
>> Hi Millton, I help to build a couple of natinal PKI and configure several
>> If I can be of any assistance, let me know.
>> Regards, Mauro Flores
>> El feb 8, 2016 4:21 PM, "Milton Smith" <milton.smith at owasp.org> escribió:
>>> Hi All,
>>> I have a PKI project on my dashboard. Nothing specific yet but I may have
>>> a question or two about HSM's and key storage in the future. Can anyone
>>> recommend OWASP resources (email lists, experienced individuals, etc) that
>>> may be helpful? Thanks in advance!
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
More information about the OWASP-Leaders