[dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?

Dobbins, Roland rdobbins at arbor.net
Tue Oct 16 11:08:07 UTC 2012

On Oct 16, 2012, at 5:34 PM, Shane Kerr wrote:

> Even trickier is to protect against an internal conspiracy, but I don't think anyone is really seriously worried about that threat.

You don't need an internal conspiracy when organizations are penetrated through and through with botnets which can capture, log, and steal just about anything.

I understand the performance angle.  At best, the HSM is security posture-neutral; but, like Randy, I suspect their are side-channel and OoB issues which may well make it security posture-negative.  We don't really *know*, because no one's published a thorough analysis.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

More information about the dns-operations mailing list