Hi all,
You are welcome to attend a free training course in OpenDNSSEC. It is a two-day
training, where you get a mixture of theory and hands-on experience.
Date: October 10-11
Time: Day 1: 10 am – 5 pm, Day 2: 9 am – 4 pm
Location: .SE, Ringvägen 100 A, 9th floor, Stockholm, Sweden. Subway stat
On Tue, Aug 20, 2013 at 11:14 AM, Rickard Bellgrim
wrote:
> IIUC, user talks to web, web talks to WService, WService talks with token.
>> Doesnt that break the rule of the "user being the only one having the
>> PIN/access to key"
>>
>
> How the PIN is transferred over multiple systems to the HSM/
>
> IIUC, user talks to web, web talks to WService, WService talks with token.
> Doesnt that break the rule of the "user being the only one having the
> PIN/access to key"
>
How the PIN is transferred over multiple systems to the HSM/token is out of
scope. You have to build/use a system which make
Hi,
OpenDNSSEC 1.4 should read the incoming SOA RDATA values and use the
REFRESH, RETRY and EXPIRE values to do periodic zone transfer requests
in case no NOTIFY messages have been received in the meantime.
Also, OpenDNSSEC 1.4 responds to queries without doing additional
processing (so no CNAME
Hi,
> > user attack pk11lib, pk11lib opens a secure tunnel to HSM
>
> Slightly differently -- user would find the PIN to access the HSM, usually
> from the app loading the pk11lib.
>
> app=browser
Then you are asking your questions on an unsuitable mailing list.
-Rick_
Hi Rickard (and all), sorry for holiday delay.
I know how PKCS#11 works, but im looking how HSM work.
IIUC, user talks to web, web talks to WService, WService talks with token.
Doesnt that break the rule of the "user being the only one having the
PIN/access to key"
The other possibility is:
user
