[dns-operations] OpenHardware FPGA-based HSM SCA6000 with OpenSSL?

Robert Kisteleki robert at ripe.net
Mon Oct 15 18:57:57 UTC 2012

On 2012.10.15. 20:26, Randy Bush wrote:
>>> Making a tamper-evident box with SoftHSM is (I think) much easier to
>>> do, more scalable and done quicker.
>> Right. I think that one question has not been asked so far: why? What's
>> the real benefit that you'd get out of this?
> sounds like a diy hsm to me.

Indeed, but that's not an answer to the question.

Yes, it's a "cool project", and as such I like it too. But then it's not
more than that.


> and i still want to understand the threat model motivating hsm use in
> dnssec and rpki signing.
> randy



More information about the dns-operations mailing list