[dns-operations] OpenHardware FPGA-based HSM (was: Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?)

Paul Hoffman paul.hoffman at vpnc.org
Mon Oct 15 14:52:16 UTC 2012


On Oct 15, 2012, at 4:40 AM, Miek Gieben <miek at miek.nl> wrote:

> [ Quoting <ondrej.sury at nic.cz> in "Re: [dns-operations] Summary: Anyon..." ]
>> On 14. 10. 2012, at 13:37, Carlos M. Martinez <carlosm3011 at gmail.com> wrote:
>> 
>>> That could be a really interesting project. I'm not sure how I can contribute, but I'd love to see that happen.
>> 
>> Even helping define requirements (when we start gathering them) would be a tremendous help...
> 
> Indeed, sounds like a really interesting project.
> 
> But why would a hardware implementation be better than, for instance, SoftHSM?

A big +1 to designing an open source system based on software instead of the massive overhead of an FPGA. A thorough security analysis of the difference between "a chip that only will do X" and "a box with an interface that will only do X" would go a long way.

FWIW, I'm not saying that SoftHSM is the right design for an HSM-like box, but rather that if we design a system that can replace HSMs and can be built for $200, it will be deployed much more often.

--Paul Hoffman

