[dns-operations] OpenHardware FPGA-based HSM SCA6000 with OpenSSL?

Paul Hoffman paul.hoffman at vpnc.org
Tue Oct 16 14:44:50 UTC 2012

On Oct 16, 2012, at 7:23 AM, Robert Kisteleki <robert at ripe.net> wrote:

>>> It's possible to come up with bad escrow mechanisms, which leave the key
>>> vulnerable. That's just bad engineering, it's got nothing to do with HSMs.
>>> However, a properly designed procedure with enough support from the HSM will
>>> defend against this.
>> The same is true for systems that act like HSMs.
> Indeed. So what's the difference between HSMs and "systems that act like HSMs"?

The key is stored in traditional long-term memory (spinning rust or SSD), and the signing is done with a traditional CPU under control of a traditional operating system. The security offered by the H in HSM is based on an assumption that the hardware vendor did it right and the meager documentation given for the security properties is complete. The security offered by a system that acts like an HSM is based on the belief that the ability to review all the software used in the system will overwhelm the problems of too much software in the system.

These are two orthogonal types of theater.

--Paul Hoffman

More information about the dns-operations mailing list