Ted Hahn
Ted Hahn is an experienced Site Reliability Engineer who previously worked at Google, Facebook, and Houseparty. He currently works as an independent consultant helping startups do cloud.
Session
Practical HSMs are cheap, and you just don’t know it. Government adoption of PIV and CAC has driven prices of PKCS#11 devices down, and you don’t need an expensive enterprise HSM for your offline root signing key.
Further, widespread support for Name Constraints on Trust Anchors has finally arrived, so you can deploy a private CA to your client devices without affecting the public roots of trust, making it safer than ever to run your own PKI.
This workshop will be a walkthrough of setting up a full solution for generating a CA contained on a YubiKey, issuing intermediates used for online signing, and distributing said certificates to applications and end-user devices.