Reliance on PKCS #11

When you have reached this point in the TLS Pool Handbook, you may have seen the term PKCS #11 so often that you no longer think of it as innovative. Even so, the choice to build the TLS Pool around PKCS #11, and to support integration with external components for the management of local credentials, is highly innovative. It also solves real problems felt by real security administrators.

PKCS #11 is useful for a number of reasons:

  • It separates secret or private keys from the TLS protocol logic: the TLS code only holds object handles and asks the token to sign or decrypt, and never sees the key material itself.
  • It gives the administrator a range of choices in security level, from a software token to a smart card or a hardware security module, without changing the TLS code.
  • It may work with a remote key storage device, such as a network-attached HSM.
  • It may facilitate cryptographic speed-up where the token has hardware acceleration.
  • It reduces reliance on the security of the host running TLS, whether physical hardware or a virtual machine, because the keys need not be stored on that host.
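
To make the first bullet concrete, here is a Python model of the PKCS #11 interaction, added to this page as an example; it is not TLS Pool code and not a real PKCS #11 module. The Token class stands in for a token, the CKA_* and CKR_* names are the specification's attribute and return-code names (their values here are plain strings, an assumption of the model), and HMAC-SHA256 stands in for the RSA or ECDSA signature a TLS server would produce. What it shows: the TLS side only ever holds an object handle and asks the token to sign, and a key object created with CKA_SENSITIVE set cannot be read back through C_GetAttributeValue. That last point is the check an administrator should run against a real token before trusting it with a server key.

```python
import hashlib
import hmac
import os

# Attribute and return-code names as in the PKCS #11 specification.
# Their values are placeholder strings: this is a model, not a real module.
CKA_LABEL = "CKA_LABEL"
CKA_VALUE = "CKA_VALUE"
CKA_SENSITIVE = "CKA_SENSITIVE"
CKA_EXTRACTABLE = "CKA_EXTRACTABLE"

CKR_PIN_INCORRECT = "CKR_PIN_INCORRECT"
CKR_USER_NOT_LOGGED_IN = "CKR_USER_NOT_LOGGED_IN"
CKR_ATTRIBUTE_SENSITIVE = "CKR_ATTRIBUTE_SENSITIVE"
CKR_OBJECT_HANDLE_INVALID = "CKR_OBJECT_HANDLE_INVALID"


class Pkcs11Error(Exception):
    """Carries the CKR_* code a real module would return."""


class Token:
    """Constructed model of a token: it stores key objects, hands out opaque
    handles, and performs signatures; key bytes never leave this class."""

    def __init__(self, pin: str):
        self._pin = pin
        self._logged_in = False
        self._objects = {}      # handle -> attribute dict, CKA_VALUE stays in here
        self._next_handle = 1

    def generate_key(self, label: str, sensitive: bool = True) -> int:
        """Create a key object on the token; only the handle is returned."""
        handle = self._next_handle
        self._next_handle += 1
        self._objects[handle] = {
            CKA_LABEL: label,
            CKA_VALUE: os.urandom(32),          # HMAC key standing in for an RSA/EC key
            CKA_SENSITIVE: sensitive,
            CKA_EXTRACTABLE: not sensitive,
        }
        return handle

    def login(self, pin: str) -> None:
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise Pkcs11Error(CKR_PIN_INCORRECT)
        self._logged_in = True

    def find_objects(self, label: str) -> list:
        """Like C_FindObjects: returns handles, never key material."""
        return [h for h, a in self._objects.items() if a[CKA_LABEL] == label]

    def get_attribute_value(self, handle: int, attr: str):
        """Like C_GetAttributeValue: refuses CKA_VALUE on sensitive keys."""
        attrs = self._objects.get(handle)
        if attrs is None:
            raise Pkcs11Error(CKR_OBJECT_HANDLE_INVALID)
        if attr == CKA_VALUE and (attrs[CKA_SENSITIVE] or not attrs[CKA_EXTRACTABLE]):
            raise Pkcs11Error(CKR_ATTRIBUTE_SENSITIVE)
        return attrs[attr]

    def sign(self, handle: int, data: bytes) -> bytes:
        """Like C_Sign: uses the key inside the token after a login."""
        if not self._logged_in:
            raise Pkcs11Error(CKR_USER_NOT_LOGGED_IN)
        attrs = self._objects.get(handle)
        if attrs is None:
            raise Pkcs11Error(CKR_OBJECT_HANDLE_INVALID)
        return hmac.new(attrs[CKA_VALUE], data, hashlib.sha256).digest()

    def verify(self, handle: int, data: bytes, signature: bytes) -> bool:
        return hmac.compare_digest(self.sign(handle, data), signature)


def tls_server_sign(token: Token, pin: str, label: str, transcript: bytes) -> bytes:
    """The TLS protocol side: log in, look up a handle by label, ask for a
    signature over the handshake transcript. No key bytes reach this code."""
    token.login(pin)
    handles = token.find_objects(label)
    if not handles:
        raise LookupError("no key object labelled %r on the token" % label)
    return token.sign(handles[0], transcript)


def key_is_extractable(token: Token, handle: int) -> bool:
    """Administrator's check: can CKA_VALUE be read out? A TLS private key
    should answer False, otherwise the separation above is only cosmetic."""
    try:
        token.get_attribute_value(handle, CKA_VALUE)
        return True
    except Pkcs11Error as err:
        if err.args[0] == CKR_ATTRIBUTE_SENSITIVE:
            return False
        raise


def returned_code(call, *args):
    """Run a token call and return its CKR_* code, or None on success."""
    try:
        call(*args)
        return None
    except Pkcs11Error as err:
        return err.args[0]


if __name__ == "__main__":
    # Constructed sample: one server key and a fake handshake transcript.
    token = Token(pin="1234")
    handle = token.generate_key("tlspool-server")
    sig = tls_server_sign(token, "1234", "tlspool-server", b"ClientHello|ServerHello")
    print("signature ok:", token.verify(handle, b"ClientHello|ServerHello", sig))
    print("key extractable:", key_is_extractable(token, handle))
```

Against a real token the same check is the attribute query for CKA_SENSITIVE and CKA_EXTRACTABLE on the server's private key object; a key that reports extractable can be copied off the token by anyone who obtains the PIN, which defeats the first and last bullets above.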

PKCS #11 is fairly common in client environments, for example for smart cards. The TLS Pool is an early innovator in bringing it into the server environment as well.