On Mon, 15 Oct 2012 09:13:45 -0700, Paul Hoffman <[email protected]> said:
> On Oct 15, 2012, at 7:39 AM, Alexander Gall <[email protected]> wrote: >> A hardware HSM allows you to detect when your keys get stolen >> (provided the hardware does not implement extraction of the keys, of >> course). In our case, this is the *only* reason we use a HSM at all. > A properly-designed software-based HSM in a tamper-evident box would have the > same property. Of course. I'm not sure if that was what Miek implied in his question, though. If it was, my point is obviously moot. -- Alex _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
