On 22 dec 2012, at 23:10, Paul Wouters <[email protected]> wrote:
> On Sat, 22 Dec 2012, Jakob Schlyter wrote:
>
> However, I haven't heard from HSM vendors if they are not vulnerable to
> the various padding oracle attacks, and the HSMs I've looked at, do not
> support disabling encryption and only allow signing of data. So I'm not
> convinced an HSM even brings you this security.....
The AEP keyper can disable encryption.
>> There are of course other nice properties, such as speed, but IMHO those are
>> secondary.
>
> For those who want slower speed?
Unless you cluster a bunch of SCA/6000 or SafeNet LUNA SA - that's speed.
jakob
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
