[Ach] titus - Totally Isolated TLS Unwrapping Server by Andrew Ayer

Thomas Preissler thomas at preissler.co.uk
Sun Mar 15 10:05:38 CET 2015


Dear all,

Some while back I came across titus, Totally Isolated TLS Unwrapping
Server (https://www.opsmate.com/titus/), from the same guy who runs SSLMate.

In a nutshell: this is basically an SSL proxy implementing private key
isolation and private key privilege separation.

I love the idea, mostly because it takes away the onus of having your
backend application support SSL/TLS. It also helps, as I understand it,
to improve the security of the private key - obviously only at a network
level, not at a local level.

I am inclined to use this, as I like the idea. I have not read much
about this thing anywhere; do you guys have any experience or opinion on
it?

I am asking more from a crypto angle than from a "just" sysadmin angle
(it is just yet another service, that's all for me). (Don't get me
wrong, I am also not asking for a source code audit.)

More technical details here:
* https://securityblog.redhat.com/2014/06/18/openssl-privilege-separation-analysis/
* https://www.agwa.name/blog/post/protecting_the_openssl_private_key_in_a_separate_process
* https://www.agwa.name/blog/post/titus_isolation_techniques_continued


Regards

Thomas

-- 
www.preissler.co.uk | Twitter: @module0x90 | PGP-Key: 75889415
GPG Fingerprint:  CCBD 153A D257 CA7E A217  FDF7 5928 03D1 7588 9415
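The private key isolation that the post describes (the network-facing process never holds the key and can only ask a separate key-holder process to perform the one private-key operation it needs) can be shown as a small model. The block below is an added example written for this thread; it is not titus code and not Andrew Ayer's. It uses a constructed toy RSA key (two six-digit primes, no padding) purely to make the process boundary concrete, and a pipe between two processes where titus uses a forked, privilege-dropped process; the request names "sign" and "get_key" are invented for the illustration.

```python
"""Toy model of private key isolation: the front-end process knows only
the public key and talks to a separate key-holder process over a pipe.
The key holder answers signing requests and refuses everything else.

Added illustration, not titus code. The RSA key is a constructed toy
(six-digit primes, no padding) and must not be used for anything real."""
import hashlib
import multiprocessing as mp

# Constructed toy key material. Only (N, E) is needed by the front end.
_P, _Q = 104729, 1299709          # small primes, constructed for the example
N = _P * _Q                       # public modulus (~37 bits)
E = 65537                         # public exponent


def load_private_key():
    """Stand-in for the key holder reading its key file.

    In titus the key file is readable only by the isolated process after it
    has dropped privileges; here (assumption) the private exponent is derived
    from the toy primes inside the key-holder process only."""
    return pow(E, -1, (_P - 1) * (_Q - 1))   # Python 3.8+


def digest_to_int(data: bytes) -> int:
    """Hash the data and truncate the digest so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")  # < 2**32 < N


def key_holder(conn):
    """Runs in the isolated process: holds D, serves 'sign', refuses the rest."""
    d = load_private_key()
    try:
        while True:
            msg = conn.recv()
            if msg is None:            # orderly shutdown from the front end
                break
            kind, payload = msg
            if kind == "sign" and isinstance(payload, int) and 0 <= payload < N:
                conn.send(("ok", pow(payload, d, N)))
            else:
                # Any other request, including an attempt to read the key, is refused.
                conn.send(("refused", None))
    except EOFError:
        pass                           # front end went away; just exit
    finally:
        conn.close()


class IsolatedSigner:
    """Network-facing side: can request signatures but never receives D."""

    def __init__(self):
        self._conn, child_conn = mp.Pipe()
        self._proc = mp.Process(target=key_holder, args=(child_conn,), daemon=True)
        self._proc.start()
        child_conn.close()             # only the key holder keeps its end

    def request(self, kind, payload):
        self._conn.send((kind, payload))
        return self._conn.recv()

    def sign(self, data: bytes) -> int:
        status, sig = self.request("sign", digest_to_int(data))
        if status != "ok":
            raise RuntimeError("key holder refused the signing request")
        return sig

    def close(self):
        self._conn.send(None)
        self._proc.join()


def verify(data: bytes, sig: int) -> bool:
    """Verification needs only the public key (N, E)."""
    return pow(sig, E, N) == digest_to_int(data)


def demo():
    """Sign, verify, then show that the key itself cannot be pulled across the pipe."""
    signer = IsolatedSigner()
    try:
        data = b"constructed handshake transcript"
        sig = signer.sign(data)
        good = verify(data, sig)              # True
        tampered = verify(b"tampered", sig)   # False
        leak = signer.request("get_key", None)  # ("refused", None)
        return good, tampered, leak
    finally:
        signer.close()


if __name__ == "__main__":
    print(demo())
```

The design point is that the interface between the two processes is the narrowest one the protocol needs (a digest in, a signature out), so a compromise of the front end yields an oracle for the key's lifetime but never the key itself. Titus adds what this toy omits: one key-holder process per connection, a chroot and privilege drop for the forked processes, and real RSA with proper padding via OpenSSL.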