The hardware cert provides a better defence against cryptographic attack from someone who has already gained access to the local machine, either through a successful remote compromise, or a prying systems administrator, and the dedicated hardware implicitly provides a performance improvement.
The certificate issuing process is neat in that requests for certificates will be validated to ensure that the keys have been generated on an nCipher HSM, and that no certificates are issued to sites not using the appropriate nCipher device.
At a cost of $4500 and up to protect against an unlikely attack, hardware certificates are likely to be deployed only by the sites with most reason to fear key compromise, presumably in the finance industry and the military.
It will be interesting to see on which sites the hardware certificate seal shows up.
Posted by Mike Prettejohn in Security
Your link here? Advertising on the Netcraft Blog