Rickard.Bondesson at iis.se
Mon Dec 1 13:12:55 CET 2008
-----BEGIN PGP SIGNED MESSAGE-----
What is your view about the SoftHSM? Should it become a solution for OpenDNSSEC or a general purpose HSM?
- - In OpenDNSSEC there is no need of having the possibility to add external public keys to the HSM, since we do not need to verify external signatures or encrypt data to a third party.
- - In OpenDNSSEC we do not need to encrypt/decrypt anything.
- - Since we only sign information, we do not need to keep track of whether a key pair is for signing or encryption.
- - A general solution would need a more complex internal key handling solution.
- - A general purpose solution would become a bit slower since we have to handle more internal state cases.
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop