<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Hey,</div><div><br></div><div>I think anybody using softhsm in production should perhaps be introduced to <<span style="font-family:'.HelveticaNeueUI';font-size:15px;line-height:19px;white-space:nowrap"><a href="http://www.entropykey.co.uk/">http://www.entropykey.co.uk/</a></span>>.</div>
<div><br></div><div><br></div><div>Joe<br><br>Aue Te Ariki! He toki ki roto taku mahuna!</div><div><br>On 2013-09-02, at 15:21, "Carlos M. Martinez" <<a href="mailto:carlos@lacnic.net">carlos@lacnic.net</a>> wrote:<br>
<br></div><blockquote type="cite"><div><span>Hello,</span><br><blockquote type="cite"><span>I'm still not convinced these are harmless. But I guess I'm strongly</span><br></blockquote><blockquote type="cite"><span>biased to only depending on a FIPS certified RNG.</span><br>
</blockquote><span>I think we need to think about where OpenDNSSEC will be used the most,</span><br><span>which is our target audience.</span><br><span></span><br><span>FIPS-like requirements are great if you are a TLD, or a large DNS host</span><br>
<span>with many zones. If you are a small shop signing only a couple of zones,</span><br><span>then it's too much.</span><br><span></span><br><span>It would be great if different target audiences could be defined at run</span><br>
<span>time, but I don't know if it's doable.</span><br><span></span><br><span>regards</span><br><span></span><br><span>~Carlos</span><br><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite">
<span>Paul</span><br></blockquote><blockquote type="cite"><span>_______________________________________________</span><br></blockquote><blockquote type="cite"><span>Opendnssec-user mailing list</span><br></blockquote><blockquote type="cite">
<span><a href="mailto:Opendnssec-user@lists.opendnssec.org">Opendnssec-user@lists.opendnssec.org</a></span><br></blockquote><blockquote type="cite"><span><a href="https://lists.opendnssec.org/mailman/listinfo/opendnssec-user">https://lists.opendnssec.org/mailman/listinfo/opendnssec-user</a></span><br>
</blockquote><span></span><br><span>_______________________________________________</span><br><span>Opendnssec-user mailing list</span><br><span><a href="mailto:Opendnssec-user@lists.opendnssec.org">Opendnssec-user@lists.opendnssec.org</a></span><br>
<span><a href="https://lists.opendnssec.org/mailman/listinfo/opendnssec-user">https://lists.opendnssec.org/mailman/listinfo/opendnssec-user</a></span><br></div></blockquote></body></html>