[dns-operations] OpenHardware FPGA-based HSM SCA6000 with OpenSSL?

Robert Kisteleki robert at ripe.net
Tue Oct 16 14:23:41 UTC 2012


>> It's possible to come up with bad escrow mechanisms, which leave the key
>> vulnerable. That's just bad engineering, it's got nothing to do with HSMs.
>> However, a properly designed procedure with enough support from the HSM will
>> defend against this.
> 
> The same is true for systems that act like HSMs.

Indeed. So what's the difference between HSMs and "systems that act like HSMs"?

Robert




More information about the dns-operations mailing list