Trust is hard to obtain and maintain – especially in a world now well-tuned into the cynicism that expects large corporations to be working with governments in the execution of systemic, trust-based deception plan. If you must, call it a national identity program, or national cybersecurity plan. Anything (so long as not PKI – joke).
If I put 15 more deadbolts on my front door, I am truly “more protected”. Yes, noone lied. But its still worthless (despite being being “better” than merely 1 deadlock).
Why? Because one smashes the weak door jamb down (not the door) when one “disables” all the 15 $20 deadbolts with the $10 sledgehammar weilded by an ape with an exceptionalist attitude. That is: the deadlocks make no difference to security. They just sell worthless American assurances.
A FIPS level-2 HSM is a nice to have; but about as useful to crypto-security and confidentiality as the windows security manager in your desktop when faced with an FBI sledgehammer. Level 2 means it relies on a password scheme (and anyone knows that a “little bit of legal duress” can induce you to handover your password.
It’s true that having HSMs to protect certs and signing keys in a cloud-based HSM, are nicer than on-premise HSMs. And one sees how it supports encryption by a hosted SQL server of tuples. But, as for “security and safety”, the HSM feature is as worthless as any other American-sourced crypto/security product – since the vendor (microsoft) is under the thumb of the crypto regulator.
Sorry Microsoft. Right idea, wrong marketing. You must admit that – like a front door and its deadbolt – the security is illusory.
your own trustworthiness depends on saying what some don’t want you to say – including the above clear statement of limits. Each and every attempt to use marketing terms and clever parsing to hide the reality leads one to put microsoft in the american bucket (its just another deception program a few exceptional seeking to mislead the rest of humanity 0- the non-exceptionals – on crypto).