<div dir="ltr"><br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I imagine this scenario:<br>
- Enforcer creates keys in one view, say on HSM #1<br>
- Enforcer creates signconf<br>
- Enforcer sends an update for the zone to the Signer<br>
- Signer looks up keys from another view, possibly on HSM #2<br>
- This view does not contain the keys yet<br>
--> we'd have to establish if this is PKCS #11 compliant (making it a Signer bug) or not (making it an HSM bug)<br>
<div class="im"><br></div></blockquote><div><br></div><div style>Clustering is handled outside of PKCS#11, but it is part of the HSM software. If an HSM generates a key pair, then another application should be able to us it. If not, then there is something wrong with the clustering code in the HSM. It is not High-Availability, but maybe Availability-With-Some-Delay.</div>
<div><br></div><div style>// Rickard </div></div></div></div>