[dns-operations] .de DNSSEC issue root cause
Petr Špaček
pspacek at isc.org
Mon Jun 15 09:27:20 UTC 2026
On 12. 06. 26 20:05, Randy Bush wrote:
>> - choose your HSM vendors carefully so that there are opportunities to
>> replicate secrets between HSMs without exposing them. This is not
>> impossible.
> no standard exists
Define 'standard'.
PKCS#11 offers C_WrapKey operation to export private keys without
exposing them in plain text. C_UnwrapKey then imports it on the other end.
See
https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html
--
Petr Špaček
More information about the dns-operations
mailing list