[dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?

Randy Bush randy at psg.com
Mon Oct 15 16:57:26 UTC 2012

>> i keep wondering about the use of hsms in dnssec and rpki signing.  i
>> suspect that the threat model is not well thought out.
> I wonder what other operator's reasons for using a HSM with DNSSEC are
> (security-relevant, not performance-relevant).

exactly.  and folk are spending very large amounts of money on hsms and
have not been able to explain their threat/security model so that i
could understand it.  of course, the lack of understanding could be my
problem.  but i suspect security theater.


More information about the dns-operations mailing list