[dns-operations] OpenHardware FPGA-based HSM SCA6000 with OpenSSL?

Alexander Gall gall at switch.ch
Mon Oct 15 16:30:23 UTC 2012

On Mon, 15 Oct 2012 09:13:45 -0700, Paul Hoffman <paul.hoffman at vpnc.org> said:

> On Oct 15, 2012, at 7:39 AM, Alexander Gall <gall at switch.ch> wrote:
>> A hardware HSM allows you to detect when your keys get stolen
>> (provided the hardware does not implement extraction of the keys, of
>> course).  In our case, this is the *only* reason we use a HSM at all.

> A properly-designed software-based HSM in a tamper-evident box would have the same property.

Of course.  I'm not sure if that was what Miek implied in his
question, though.  If it was, my point is obviously moot.


More information about the dns-operations mailing list