The GN4-3 WP5 T2 (Incubator - Preparatory Phase) investigated the applicability of a low-cost open-source HSM appliance developed by Diamond Key Security (https://www.dkey.org/) and based on Cryptech (https://cryptech.is/) modules to a set of use cases consisting of GÉANT and other community T&I services. It concluded that the capability of the appliance was suited to support a range of GÉANT use cases encompassing, principally, CA key storage and certificate signing together with metadata and code signing, although the current capabilities of the appliance was were insufficient for some services that needed higher performance, such eduGAIN MDQ . The Diamond Key enterprise has ceased operating, however the GN4-3 project has already acquired two of the Diamond Key appliances and these have been installed in a datacentre at SURFnet. The objective of this activity is to investigate the demand for an HSM testbed service using these appliances to . This will enable interested projects and services who wish , who typically are unable to develop using an HSM, to investigate the use of an HSM to to improve the security and integrity of their offerings to do so. Assuming there is such demand, this activity will define the goals and scope of such a service, and how the infrastructure should be configured to support it, with the intention of transferring the on-going management and maintenance to a suitable entity within the GN4-3 project. |