[ Quoting <g...@switch.ch> in "Re: [dns-operations] OpenHardware F..." ] > On Mon, 15 Oct 2012 09:13:45 -0700, Paul Hoffman <paul.hoff...@vpnc.org> said: > > > On Oct 15, 2012, at 7:39 AM, Alexander Gall <g...@switch.ch> wrote: > >> A hardware HSM allows you to detect when your keys get stolen > >> (provided the hardware does not implement extraction of the keys, of > >> course). In our case, this is the *only* reason we use a HSM at all. > > > A properly-designed software-based HSM in a tamper-evident box would have > > the same property. > > Of course. I'm not sure if that was what Miek implied in his > question, though. If it was, my point is obviously moot.
Well, I'm not sure :) I was thinking that making your own hardware might be a
step to far and was interested in the reasons for doing so. Hence my question.
Making a tamper-evident box with SoftHSM is (I think) much easier to do, more
scalable and done quicker.
But isn't OpenDNSSEC created for this?
Regards,
--
Miek Gieben http://miek.nl
signature.asc
Description: Digital signature
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
