>> i keep wondering about the use of hsms in dnssec and rpki signing. i >> suspect that the threat model is not well thought out. > > I wonder what other operator's reasons for using a HSM with DNSSEC are > (security-relevant, not performance-relevant).
exactly. and folk are spending very large amounts of money on hsms and have not been able to explain their threat/security model so that i could understand it. of course, the lack of understanding could be my problem. but i suspect security theater. randy _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
