[dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?

Alexander Gall gall at switch.ch
Mon Oct 15 14:39:14 UTC 2012

On Mon, 15 Oct 2012 13:40:06 +0200, Miek Gieben <miek at miek.nl> said:

> [ Quoting <ondrej.sury at nic.cz> in "Re: [dns-operations] Summary: Anyon..." ]
>> On 14. 10. 2012, at 13:37, Carlos M. Martinez <carlosm3011 at gmail.com> wrote:
>> > That could be a really interesting project. I'm not sure how can I contribute, but I'd love to see that happen.
>> Even helping defining requirements (when we start gathering them) would be tremendous help...

> Indeed, sounds like a really interesting project.

> But why would a hardware implementation be better than, for instance, SoftHSM?

A hardware HSM allows you to detect when your keys get stolen
(provided the hardware does not implement extraction of the keys, of
course).  In our case, this is the *only* reason we use a HSM at all.


More information about the dns-operations mailing list