The YubiHSM provides us with a nice mechanism (attestation) as a way for us to evaluate a claim by the YubiHSM, namely that a key was created on that YubiHSM and that it has a particular set of properties. We collect this data in oks but we do not yet have a mechanism to analyze them to ensure they are trustworthy (PKI path validation).
The YubiHSM provides us with a nice mechanism (attestation) as a way for us to evaluate a claim by the YubiHSM, namely that a key was created on that YubiHSM and that it has a particular set of properties. We collect this data in
oks
but we do not yet have a mechanism to analyze them to ensure they are trustworthy (PKI path validation).