[dns-operations] HSM recommendations

Marc Groeneweg Marc.Groeneweg at sidn.nl
Wed Sep 6 11:03:00 UTC 2017


Brett,

We are quite happy with our Gemalto (previous Safenet) HSM’s. To be specific: we use Luna SA7100 in a networked configuration with HA mode of operation. The signing is done with RSA-2048 signatures. Depending your use case (RSA, ECDSA) check your throughput of the devices. Some are optimized to do the one, others optimized for other algorithms. 

Best regards,
Marc Groeneweg

On 05/09/2017, 22:07, "dns-operations on behalf of Brett" <dns-operations-bounces at dns-oarc.net on behalf of brettcarr at gmail.com> wrote:

    It's been a long time since I looked at HSM's (my previous experience
    is with Sun (PCI) and Thales (Network), but this was all a few years
    ago now. What is popular these days and is there any that anyone would
    particularly avoid or recommend.
    
    Thanks
    
    -- 
    Brett
    _______________________________________________
    dns-operations mailing list
    dns-operations at lists.dns-oarc.net
    https://lists.dns-oarc.net/mailman/listinfo/dns-operations
    dns-operations mailing list
    https://lists.dns-oarc.net/mailman/listinfo/dns-operations
    
    





More information about the dns-operations mailing list