On Mar 16, 2010, at 15:31 , Tomas Gustavsson wrote: > > If using PKCS#11 I would personally not go down a path that is not > commonly used. The common usage of smart cards and hardware security > modules always stores both the private (as a sensitive object) and the > public key (either as a public key or as an x.509 certificate). > This works and is well tested and is sure to work across a wide range of > smart cards and hardware security modules. > > Why is this not suitable for OpenDNSSEC.
IMO as well, either a key or a certificate is the atomic object dealt with by most software. I would not suggest breaking this without a specific requirement (I don't think that saving space in HSM would be one - a greater HSM would fix the problem ;)) -- Martin Paljak http://martin.paljak.pri.ee +3725156495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
