[dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?

Randy Bush randy at psg.com
Mon Oct 15 15:55:16 UTC 2012

> A hardware HSM allows you to detect when your keys get stolen
> (provided the hardware does not implement extraction of the keys, of
> course).  In our case, this is the *only* reason we use a HSM at all.

i keep wondering about the use of hsms in dnssec and rpki signing.  i
suspect that the threat model is not well thought out.


More information about the dns-operations mailing list