[mod_gnutls-devel] mod_gnutls + pkcs11 = less data leaked (?)
Thomas Calderon
calderon.thomas at gmail.com
Thu Jun 26 20:13:51 CEST 2014
Hi there,
I followed your discussion back in April towards supporting PKCS#11 in
mod_gnutls.
I would like to point out that I co-developed Caml Crush, a PKCS#11
filtering proxy. Our work address the various shortcomings of the PKCS#11
API.
However, since it is a client/server approach it can be used as an elegant
way to isolate the keying materials from the web server's memory.
We have successfully tested this approach using mod_nss (since PKCS#11
tokens are natively supported within NSS databases).
Caml Crush can be found at https://github.com/ANSSI-FR/caml-crush.
It would be great if a patch adding PKCS#11 support could be contributed to
mod_gnutls as it would offer an alternative, choice is always welcome !
Kind regards,
Thomas Calderon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140626/3014152e/attachment.html>
More information about the mod_gnutls-devel
mailing list