> A hardware HSM allows you to detect when your keys get stolen > (provided the hardware does not implement extraction of the keys, of > course). In our case, this is the *only* reason we use a HSM at all.
i keep wondering about the use of hsms in dnssec and rpki signing. i suspect that the threat model is not well thought out. randy _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
