Closed
Bug 958342
Opened 11 years ago
Closed 11 years ago
HSM for APK signing
Categories
(Marketplace Graveyard :: Integration, defect, P1)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: andy+bugzilla, Unassigned)
References
Details
We'd like to re-use the existing marketplace HSMs for APK factory signing.
In this case we'll extend the existing trunion instance to include the new functionality. This means we don't need to get new HSM for this service.
There are currently two HSMs in the Marketplace one for stage and one for production. Likewise we'd re-use those HSMs for APK Factory stage and production.
This bug is just to get sign off from kang, if it's cool we should be able to close it, if not it might get more complication.
Reporter | ||
Updated•11 years ago
|
Flags: needinfo?(gdestuynder)
Using the same HSMs in their current state means that we're sharing the keys infrastructure between Marketplace and APK factory.
This means that APK factory will potentially be able to sign Marketpace apps and vice-versa.
As this goes against the principles of separation of products, I would like to make sure that concerned parties agree with the additional risk before procedding (the concerned party may be you ;).
Note:
While full separation (different HSMs, etc.) is obviously better from the risk point of view, I understand the need for something easier and cheaper to service, such as a secure API for similar crypto operations. However, we have nothing of the sort available right now.
Flags: needinfo?(gdestuynder)
Reporter | ||
Comment 2•11 years ago
|
||
One of the issues is the long lead time it takes to get a HSM in place.
Updated•11 years ago
|
Priority: -- → P1
Updated•11 years ago
|
Component: FxA → Integration
Comment 3•11 years ago
|
||
Security's latest recommendation is that we create a separate, isolated APK signing service. We do not need an HSM and we do not need to re-use the existing HSM
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•