On Sat, 22 Dec 2012, Jakob Schlyter wrote:

>> could someone please explain the threat model and the circumstances
>> which warrant an HSM?
>
> It usually boils down to that you know if your keys are compromised or not;
> either you have the HSM or you don't (given that the keys cannot be extracted
> in a controlled way). In a lot of environments, this property alone warrants an
> HSM.

However, I haven't heard from HSM vendors if they are not vulnerable to
the various padding oracle attacks, and the HSMs I've looked at do not
support disabling encryption and only allow signing of data. So I'm not
convinced an HSM even brings you this security...

> There are of course other nice properties, such as speed, but IMHO those are
> secondary.

For those who want slower speed?

Paul
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
