In message <[email protected]>, Paul Wou
ters writes:
> On Wed, 3 Jun 2009, Mark Andrews wrote:
>
> >>> You can, for example, bribe a personnel or two, against which there
> >>> is no cryptographical protection, which means PKI is weakly secure.
> >>
> >> You have never heard of a Hardware Security Module?
> >
> > HSM doesn't stop the wrong data being signed. It just stops
> > it being signed on machines other that the designated servers.
>
> The context was the "false security" of DNSSEC and the "third party trust".
> Obviously changing the raw dns data is possible both with and without DNSSEC.
>
> Paul
If you are "bribing personel" you need to assume they can
do anything the orginisation they work for can do. HSM's
don't help in this case. HSM's have their place but you
need to understand the limitations of the devices. HSM's
are better than just having the private component of a
public key sitting on a disk somewhere but in most operational
enviornments they don't add that much more security to the
process.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf
