[dns-operations] HSM recommendations

Richard Lamb slamb at xtcn.com
Thu Sep 7 07:18:42 UTC 2017


Ultimaco is used by many as well.

The HSM community is small and most know each other and from my personal
experience will listen intently on anything that allows them to
differentiate their products.  When design the root signer stuff, for
example, I found AEP happy to adjust their plans to get our buy in.

That said, I know its an old product line.

Here is a ref to a deployment by .VN recently.  They seemed ok with the
Ultimaco stuff.

http://www.co.tt/eeint/vnnic-dnssecdeployment.vn-apricot2017-v2_1488016343.pdf

I love the Cryptech stuff but as said on this list already without a
sue-able business behind it (and an even more sue-able trail of cpa firms
behind it), i find it hard to put a business behind it.

Me sceptical - no.  Not me

-Rick



On Wed, Sep 6, 2017 at 8:50 PM, John Levine <johnl at taugh.com> wrote:

> In article <CAHw9_i++QY3bvX2XGmrRn2vp-P=fy29vgZ=1+9g+EZgkF0a8FQ at mail.
> gmail.com> you write:
> >The cryptech project is very much designed to be open (so that you can
> >build your own / verify what was built), and to not rely on crypto
> >magic provided by others. You might not need this level of tinfoil /
> >your threat model might differ, but it's a fascinating project, I
> >encourage people to look into it and get involved.
>
> Seems to me that if you don't need that level of tinfoil, an old linux
> box with one account makes a dandy LSM.
>
> R's,
> John
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170907/e4306752/attachment.html>


More information about the dns-operations mailing list