[dns-operations] OpenHardware FPGA-based HSM SCA6000 with OpenSSL?
Miek Gieben
miek at miek.nl
Mon Oct 15 17:09:06 UTC 2012
[ Quoting <gall at switch.ch> in "Re: [dns-operations] OpenHardware F..." ]
> On Mon, 15 Oct 2012 09:13:45 -0700, Paul Hoffman <paul.hoffman at vpnc.org> said:
>
> > On Oct 15, 2012, at 7:39 AM, Alexander Gall <gall at switch.ch> wrote:
> >> A hardware HSM allows you to detect when your keys get stolen
> >> (provided the hardware does not implement extraction of the keys, of
> >> course). In our case, this is the *only* reason we use a HSM at all.
>
> > A properly-designed software-based HSM in a tamper-evident box would have the same property.
>
> Of course. I'm not sure if that was what Miek implied in his
> question, though. If it was, my point is obviously moot.
Well, I'm not sure :) I was thinking that making your own hardware might be a
step to far and was interested in the reasons for doing so. Hence my question.
Making a tamper-evident box with SoftHSM is (I think) much easier to do, more
scalable and done quicker.
But isn't OpenDNSSEC created for this?
Regards,
--
Miek Gieben http://miek.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20121015/2b119435/attachment.sig>
More information about the dns-operations
mailing list