On Tue, Apr 21, 2009 at 11:25:59AM -0400, Edward Lewis <[email protected]> wrote a message of 60 lines which said:
> My concern is first the database over the key, it's what matters in
> the event of catastrophic organizational failure.
>
> From that, it's a matter of "fate sharing." Whatever I do to protect my
> most vital element (database) can be used to protect other things as
> well, including the key.

But the risk for the key is not only people modifying it, it is simply people *reading* it (a concern which also exists for the database but is much less important).

I have no practical experience with HSMs but, in my mind, the interesting thing is that they guarantee no one will read the key without an authorization (that's quite unlike the database where you certainly prefer a few unauthorized looks to a complete loss).

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
