[dns-operations] OpenHardware FPGA-based HSM SCA6000 with OpenSSL?

Alexander Gall gall at switch.ch
Mon Oct 15 16:30:23 UTC 2012


On Mon, 15 Oct 2012 09:13:45 -0700, Paul Hoffman <paul.hoffman at vpnc.org> said:

> On Oct 15, 2012, at 7:39 AM, Alexander Gall <gall at switch.ch> wrote:
>> A hardware HSM allows you to detect when your keys get stolen
>> (provided the hardware does not implement extraction of the keys, of
>> course).  In our case, this is the *only* reason we use a HSM at all.

> A properly-designed software-based HSM in a tamper-evident box would have the same property.

Of course.  I'm not sure if that was what Miek implied in his
question, though.  If it was, my point is obviously moot.

-- 
Alex



