[dns-operations] HSM recommendations

Barry O'Donovan barry+dnsops at islandbridgenetworks.ie
Wed Sep 6 06:27:59 UTC 2017


This looks like an interesting project but I cannot recommend or advise
avoidance:

https://cryptech.is/
https://ripe69.ripe.net/presentations/136-141106.ripe-cryptech.pdf

I'd be interested in anyone's experience / thoughts on this.


Also the new emergence of cloud based services:
https://aws.amazon.com/cloudhsm/

 - Barry


> Bill Woodcock wrote:
>>> On Sep 5, 2017, at 12:25 PM, Brett <brettcarr at gmail.com> wrote:
>>> 
>>> It's been a long time since I looked at HSM's (my previous
>>> experience is with Sun (PCI) and Thales (Network), but this was
>>> all a few years ago now. What is popular these days and is there
>>> any that anyone would particularly avoid or recommend.
>> We have a fleet of AEP Keypers, which we’ve been extraordinarily
>> happy with.  They’ve worked exactly as advertised, without any
>> hiccups, and AEP’s support has been outstanding, when we’ve wanted
>> to do things outside-of-the-ordinary.  I think we’re signing ~100
>> TLDs with them, been using them for about six years, just finished
>> a rotation out for their routine-service and battery replacement,
>> all of which went smoothly.
>> 
>> -Bill
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________ dns-operations
>> mailing list dns-operations at lists.dns-oarc.net 
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations 
>> dns-operations mailing list 
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations



More information about the dns-operations mailing list