[Opendnssec-develop] SoftHSM
Rickard Bondesson
Rickard.Bondesson at iis.se
Mon Dec 1 12:12:55 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
What is your view about the SoftHSM? Should it become a solution for OpenDNSSEC or a general purpose HSM?
For example:
- - In OpenDNSSEC there is no need of having the possibility to add external public keys to the HSM, since we do not need to verify external signatures or encrypt data to a third party.
- - In OpenDNSSEC we do not need to encrypt/decrypt anything.
- - Since we only sign information, we do not need to keep track of whether a key pair is for signing or encryption.
- - A general solution would need a more complex internal key handling solution.
- - A general purpose solution would become a bit slower since we have to handle more internal state cases.
// Rickard
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8
wsBVAwUBSTPUx+CjgaNTdVjaAQiGCAf/awf/DeMXk4Z03RIxeiuv0rvlNsTZF0lZ
Xrck/9Cm0rzF/l0h0ScypekjhPByuwjbXUSmFRCbxubav7M6ZsZXR43zRVKKafX1
QR9+lfekXyNf8Ll1cqzNoTLLJ+2SUOWecxE16okO1FsRn9LwyV5DGmxOrYyJgwvV
WrXxIH9shg5Nu5e7ehCO9tjfOi+/43FGkf5fBFmbeqQLt35J5sq7vMt/pEyrAylF
Es/3N1VVI2/xYpmRBfKMkJB8NO7wZ5OWmQaJ4CwALXgz4KdKRshlXs6bNgQKjLbm
DcZFiPVlHexbAt771mv0+T/L+VFb91r9JB20TK4Vo5wJIzLxWIFD/Q==
=5CG4
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list