## page was renamed from Technology/Laboratory/Software/Possum
## page was renamed from Software/Projects/Possum
## page was renamed from Possum

  . See
    . [[Possum]] for main information
    . [[Technology/Laboratory/Software/Possum]] for the developed design scope of the Software
    . [[Technology/Laboratory/Hardware/Possum]] for the developed design scope of the Hardware
    . [[Brain/Study/Possum/Hardware]] for the ongoing project concept
    . [[Roots/HSM]]

----

== CAcert.org Possum Project ==

 . Possum is a cross-competence Project for an Open Source Security Module.  This is like a [[http://en.wikipedia.org/wiki/Hardware_Security_Module|commercial HSM]], but driven to CAcert's more open requirements.

 . The Possum Project can be the basis of Next Generation Open Source CAcert.org Security Module / Signing-Server, and part of the Next Generation Design of CAcert.org Open Source Software '''[[Technology/Laboratory/Software/BirdShack| BirdShack]]''' as well.

<<BR>>

 . {{http://upload.wikimedia.org/wikipedia/commons/thumb/5/5e/A_possum.JPG/180px-A_possum.JPG}}

== Business Proposal ==

 . Possum is not yet designed.  In order to design Possum, we could (hypothetically)

  . '''Design''' it ourselves

  . '''Contract''' it to an expert group

  . '''[[http://blog.cacert.org/2009/09/423.html|Run a Design Competition]]'''

  . '''Tag''' along with a group like [[http://wiki.cryptech.is/|Cryptech]] open security hardware group.

This concept is about exploring the the third option.

== A Design Competition for Possum ==

 . This could be run along the lines of the NIST/AES effort.  An open-to-all call asking for a design for each module.  Each module should be specified to a sufficient standard.

 . A time-line should be set with phases.  For example, following the lines of the AES effort:
  . 1. Announce
  . 2. Open presentation of all designs, X months later
  . 3. Comment and attack period
  . 4. Selection of finalists
  . 5. Presentation of finalists
  . 6. Comment and attack period
  . 7. Selection of winner
  . 8. Production of reference implementations

 .This fits the criteria of a peer-reviewed exercise, so it is most of the way to being academically viable.  To further market it, budget for the team(s) travel and accomodation to present their proposals within a major related conference.

 . Funding could be found from a number of sources.

== Requirements ==

 . Possum needs to be:

  . - Buildable by small independent groups.
  . - Low-cost
  . - Relatively secure
    . - Protect the key data from extraction
    . - Protect the system from unauthorised requests
  . - Small verifiable software footprint
  . - Simple, trailing edge hardware footprint
  . - Single standardised protocol
  . - Open access
   . - All components buildable and usable without license issues
   . - Published design
   . - No patents


== Components ==

 . There are these '''Major Tech Components''':

  . '''Hardware Platform'''
   . - '''Hardware Interfaces'''
   . - '''Physical Protection Module'''
   . - 

  . '''Protocol'''
   . - '''Serial'''

  . '''Software'''
   . - '''Crypto, protocol driver, key store, application'''


=== Hardware ===

  . - Hardware must be readily sourcable and low cost.
  . - Security not speed.
  . - It should have an application interface and a management interface,
  . - Small footprint:  Low power, low heat, small size.

  . Requirements for the Hardware are developed at [[Technology/Laboratory/Hardware/Possum]].
  . Notes on the project-work for the hardware side are at [[Brain/Study/Possum/Hardware]].

=== Protocol ===

  . - Certificate operations
  . - Capable of layering over different packet networks.
  . - Simple layout
  . - Some Management requests
  . - Highly reliable
  . - Simple layout

See fuller requirements at [[Technology/Laboratory/Software/Possum]].

=== Software ===

  . - Capable of digital signing
  . - Keeps logs of all requests received and handled
  . - Protocol driver
  . - Management access

See fuller requirements at [[Technology/Laboratory/Software/Possum]].

== Misc ==

=== Other Applications ===

 . Our Primary interest is CAcert's digital signing server, but this design can be turned to other things:

  . - Digital cash server, e.g., [[http://systemics.com/docs/ricardo/|Ricardo]] or [[http://epointsystem.org/|Epointsystem]].
  . - Personal safe for private information
  . - MP3 server
  . - [[http://allmydata.org/source/tahoe/trunk/docs/about.html|Tahoe server]] or other file-sharing technology

=== References ===

  . - Peter Gutmann, "[[http://www.cypherpunks.to/~peter/usenix00.pdf|An Open-source Cryptographic Coprocessor]]," Usenix 2000.
  . - Peter Gutmann, "[[http://www.cypherpunks.to/~peter/07_hardware.pdf|Hardware Encryption Modules]]," forthcoming book.

=== Feedbacks ===

 . iang at c.o

 . Inputs & Thoughts, below:

----
===  Inputs & Thoughts ===

 . 20090922-[[hugi]]

 . {{{
Can't find Proposal Variant B? 
  }}}

----

 . YYYYMMDD-[[YourName]]

 . {{{
Text / Your Statements, thoughts and e-mail snippets, Please
  }}}

----
CategorySoftware