[dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?

[Randy Bush]

>> i keep wondering about the use of hsms in dnssec and rpki signing.  i
>> suspect that the threat model is not well thought out.
> 
> I wonder what other operator's reasons for using a HSM with DNSSEC are
> (security-relevant, not performance-relevant).

exactly.  and folk are spending very large amounts of money on hsms and
have not been able to explain their threat/security model so that i
could understand it.  of course, the lack of understanding could be my
problem.  but i suspect security theater.

randy