[dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?
randy at psg.com
Mon Oct 15 15:55:16 UTC 2012
> A hardware HSM allows you to detect when your keys get stolen
> (provided the hardware does not implement extraction of the keys, of
> course). In our case, this is the *only* reason we use a HSM at all.
i keep wondering about the use of hsms in dnssec and rpki signing. i
suspect that the threat model is not well thought out.
More information about the dns-operations