[dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?
Tony Finch
dot at dotat.at
Wed Oct 17 18:33:38 UTC 2012
Rubens Kuhl <rubensk at nic.br> wrote:
> On Oct 17, 2012, at 2:14 PM, Tony Finch <dot at dotat.at> wrote:
> >
> > One interesting possibility might be to wire the keys into the FPGA
> > configuration, so it has to be re-flashed to change keys.
>
> That would require partially reconfigurable FPGA in order not to disrupt
> operations, so then 2x cells, but both are achievable nowadays.
If you are being paranoid then reflashing should happen offline so that
the key material is never available to the host software, even if it is
obfuscated into an FPGA configuration.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
More information about the dns-operations
mailing list