>> It's possible to come up with bad escrow mechanisms, which leave the key >> vulnerable. That's just bad engineering, it's got nothing to do with HSMs. >> However, a properly designed procedure with enough support from the HSM will >> defend against this. > > The same is true for systems that act like HSMs.
Indeed. So what's the difference between HSMs and "systems that act like HSMs"? Robert _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
