[dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?

[Randy Bush]

> A hardware HSM allows you to detect when your keys get stolen
> (provided the hardware does not implement extraction of the keys, of
> course).  In our case, this is the *only* reason we use a HSM at all.

i keep wondering about the use of hsms in dnssec and rpki signing.  i
suspect that the threat model is not well thought out.

randy