On 14. 10. 2012, at 13:37, Carlos M. Martinez <[email protected]> wrote:
> That could be a really interesting project. I'm not sure how can I > contribute, but I'd love to see that happen. Even helping defining requirements (when we start gathering them) would be tremendous help... > ~Carlos > > On 10/14/12 3:10 PM, Ondřej Surý wrote: >> Just a question - would anyone would be interested in joining a project to >> build an OpenHardware FPGA-based HSM with focus on DNSSEC? >> >> O. >> >> On 16. 8. 2012, at 2:24, George Michaelson >> <[email protected]> >> wrote: >> >> >>> I got 8 replies. 2 ccTLD, 2 root Ops, almost everyone in s/w development or >>> operational related roles, and some independent consultants. >>> >>> Only one happy user, and I'd qualify that: they'd want a longterm migration >>> plan off the device. This person is using Solaris. >>> >>> Everyone said avoid more than 255 keys on the device. Several said use the >>> import/export mechanism. >>> >>> Two people explicitly mentioned the bad Linux driver. >>> >>> The overall tone of the (small sample) responses is: "this is not a good >>> choice right now" >>> >>> >>> My context is not DNSSEC, its RPKI, which has a far larger keypair >>> requirement. Noting a suggestion to re-use keypairs, I'd still have to >>> risk-manage future potential for multiple keys per hosted client, and >>> exceed the on-card keystore size, so the suggestion to use the >>> import/export features makes sense. Having said that, documentation on this >>> is really scant, and its hard to confirm how easily you can manage this >>> given there is no explicit OpenSSL PKCS11 support for managing PKCS12 >>> wrapped objects, and you are therefore using a java or shell command to do >>> the key import, followed by OpenSSL engine, followed by shell/java to >>> remove the key. >>> >>> If you use a pure Java solution its probably more tenable. >>> >>> Thank you to everyone for the response. I hope this summary meets a sense >>> of privacy, and OT posting. >>> >>> -G >>> _______________________________________________ >>> dns-operations mailing list >>> >>> [email protected] >>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations >>> >>> dns-jobs mailing list >>> >>> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs >> -- >> Ondřej Surý -- Chief Science Officer >> ------------------------------------------- >> CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC >> Americka 23, 120 00 Praha 2, Czech Republic >> >> mailto:[email protected] http://nic.cz/ >> >> tel:+420.222745110 fax:+420.222745112 >> ------------------------------------------- >> >> >> >> >> _______________________________________________ >> dns-operations mailing list >> >> [email protected] >> https://lists.dns-oarc.net/mailman/listinfo/dns-operations >> >> dns-jobs mailing list >> >> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs > > > -- > > -- > Carlos M. Martinez > LACNIC R+D > > http://www.labs.lacnic.net -- Ondřej Surý -- Chief Science Officer ------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Americka 23, 120 00 Praha 2, Czech Republic mailto:[email protected] http://nic.cz/ tel:+420.222745110 fax:+420.222745112 -------------------------------------------
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
