Ruv Cohen posted in his blog an intersting thought about a “Trusted Cloud Entropy Authority” ElasticVapor :: Life in the Cloud: A Trusted Cloud Entropy Authority
Gordon’s comments did get me thinking, maybe there an opportunity to create a trusted cloud authority to provide signed verified and certified entropy. Think of it like a certificate authority (CA) but for chaos. Actually, Amazon Web Service itself could act as this entropy authority via a simple encrypted web service call. I even have a name for it, Simple Entropy Service (SES).
This idea is very exciting and useful. However, if you are to classical CA’s thinking as e.g. “Web Server Certificate” field, then i believe only an independent CA guarantees in such a position, future potential of Cloud Computing without a provider lock-in. The provider lock-in here refers not only to the CA itself, but also to pave the CA by a certified Provider / Services. In my view, therefore the target must be to create a largely self-sufficient CA, which also allows small businesses and companies to be able to offer certified and therefore “trusted” Cloud Computing services and resources without an expensive certification process. If you think for example on Amazon EC2 Images, it should be possible in future to continue creating an own AMI image but then also free from Amazon certify it. That would be a real added value – for Amazon as IaaS Provider and for us as AWS user and enabler.