[dns-operations] HSM recommendations

Georg Kahest georg.kahest at internet.ee
Wed Sep 6 13:09:15 UTC 2017


On 09/06/17 09:27, Barry O'Donovan wrote:
> This looks like an interesting project but I cannot recommend or advise
> avoidance:
>
> https://cryptech.is/
> https://ripe69.ripe.net/presentations/136-141106.ripe-cryptech.pdf
>
> I'd be interested in anyone's experience / thoughts on this.
>
>
> Also the new emergence of cloud based services:
> https://aws.amazon.com/cloudhsm/
aws cloudhsm used to be ran on Safenet hardware, i wonder what they use now

*Q: Will my Safenet-based HSMs be retired?*

No. While we believe the feature set and cost of the new CloudHSM
service offer a far more attractive alternative, we will maintain AWS
CloudHSM Classic for existing customers. Resources will be available
shortly to assist in migrating from CloudHSM Classic to the new service.

https://aws.amazon.com/cloudhsm/faqs/


>  - Barry
>
>
>> Bill Woodcock wrote:
>>>> On Sep 5, 2017, at 12:25 PM, Brett <brettcarr at gmail.com> wrote:
>>>>
>>>> It's been a long time since I looked at HSM's (my previous
>>>> experience is with Sun (PCI) and Thales (Network), but this was
>>>> all a few years ago now. What is popular these days and is there
>>>> any that anyone would particularly avoid or recommend.
>>> We have a fleet of AEP Keypers, which we’ve been extraordinarily
>>> happy with.  They’ve worked exactly as advertised, without any
>>> hiccups, and AEP’s support has been outstanding, when we’ve wanted
>>> to do things outside-of-the-ordinary.  I think we’re signing ~100
>>> TLDs with them, been using them for about six years, just finished
>>> a rotation out for their routine-service and battery replacement,
>>> all of which went smoothly.
>>>
>>> -Bill
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________ dns-operations
>>> mailing list dns-operations at lists.dns-oarc.net 
>>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations 
>>> dns-operations mailing list 
>>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170906/bfe168a9/attachment.html>


More information about the dns-operations mailing list