Private Keys are cached "forever" leading to inop HTTP-TLS-servers
Lothar Kimmeringer
job at kimmeringer.de
Tue Jun 21 12:28:17 UTC 2022
Am 21.06.2022 um 09:32 schrieb Andrew Haley:
> On 6/16/22 21:02, Lothar Kimmeringer wrote:
>> If they are allowed to become unuseable (as explained, I see that as
>> something that is to be expected IRL)
>
> I don't think they are. There is nothing in PKCS#11 that gives an implementation
> any permission to time out.
It's not only session timeouts that can make a Key unusable. An HSM
might become unavailable during runtime, e.g. if it is a USB-stick
that has been temporarily removed. So any operation that requires
this key will fail.
Thanks and best regards,
Lothar Kimmeringer
More information about the security-dev
mailing list