[Owasp-leaders] PKI resources...

Jim Manico jim.manico at owasp.org
Wed Feb 10 20:04:35 UTC 2016


Kevin,

Like most cryptographers, the cryptographic cheat sheet punts on 
handling key management which is why I specifically did not mention it 
in answer to Miltons question. I also think the ASVS standard does 
little to address HSM and key management deep or meaningful way.

So I'm back to my comment that OWASP does not have a good resource on 
HSM's or key management and it's a gap I am actively working to full 
with various experts.

Aloha,
Jim


On 2/8/16 10:55 PM, Kevin W. Wall wrote:
> Milton,
>
> The closest thing that OWASP has on this is the Cryptographic Storage
> Cheat Sheet, at:
> https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet
> (shame on you for not remembering Jim! :)
>
> Section 7 of ASVS also covers this a bit, but not very deeply, but if
> you have not looked
> at it, it might be reviewing quickly.
>
> Like Mauro, I too have been involved in working with / advising enterprise PKI
> and designed and implemented a proprietary key server, so if you have specific
> questions, feel free to pass them my way and I'll try my best to answer them.
>
> -kevin
>
> On Mon, Feb 8, 2016 at 6:43 PM, Mauro Flores <mauro.flores at owasp.org> wrote:
>> Hi Millton, I help to build a couple of natinal PKI and configure several
>> HSM.
>> If I can be of any assistance, let me know.
>>
>> Regards, Mauro Flores
>>
>> El feb 8, 2016 4:21 PM, "Milton Smith" <milton.smith at owasp.org> escribió:
>>> Hi All,
>>>
>>> I have a PKI project on my dashboard.  Nothing specific yet but I may have
>>> a question or two about HSM's and key storage in the future.  Can anyone
>>> recommend OWASP resources (email lists, experienced individuals, etc) that
>>> may be helpful?  Thanks in advance!
>>>
>>> Regards,
>>> Milton
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>



More information about the OWASP-Leaders mailing list