[dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?
Tony Finch
dot at dotat.at
Wed Oct 17 18:14:11 UTC 2012
> On 15/10/2012, at 3:10 AM, Ondřej Surý <ondrej.sury at nic.cz> wrote:
>
> > Just a question - would anyone would be interested in joining a
> > project to build an OpenHardware FPGA-based HSM with focus on DNSSEC?
One interesting possibility might be to wire the keys into the FPGA
configuration, so it has to be re-flashed to change keys.
George Michaelson <ggm at apnic.net> wrote:
>
> I'm particularly interested in its ability to support a key migration
> mechanism which would prevent capture of the signing materials by a
> single implementation.
Why not do a key rollover rather than a migration?
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
More information about the dns-operations
mailing list