In your previous mail you wrote:

   Now, I'm saying, for these 10 years, that PKI is broken.

=> what is broken? Crypto, trust model, architecture (including
the RA/CA stuff), etc. There should be many ways to be broken (:-).

   That signature generation mechanism is accessible on line does not
   necessarily mean that a private key is accessible on line.

=> I fully agree and this is IMHO the main interest of HSM (aka
crypto hardware/accelerators), which as I explained is not the
speed even some can go in 19"30...

Regards
[EMAIL PROTECTED]
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop