[dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?
randy at psg.com
Mon Oct 15 16:57:26 UTC 2012
>> i keep wondering about the use of hsms in dnssec and rpki signing. i
>> suspect that the threat model is not well thought out.
> I wonder what other operator's reasons for using a HSM with DNSSEC are
> (security-relevant, not performance-relevant).
exactly. and folk are spending very large amounts of money on hsms and
have not been able to explain their threat/security model so that i
could understand it. of course, the lack of understanding could be my
problem. but i suspect security theater.
More information about the dns-operations