[Opendnssec-develop] SoftHSM

Rickard Bondesson Rickard.Bondesson at iis.se
Mon Dec 1 13:12:55 CET 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

What is your view about the SoftHSM? Should it become a solution for OpenDNSSEC or a general purpose HSM?

For example:
- - In OpenDNSSEC there is no need of having the possibility to add external public keys to the HSM, since we do not need to verify external signatures or encrypt data to a third party.

- - In OpenDNSSEC we do not need to encrypt/decrypt anything.

- - Since we only sign information, we do not need to keep track of whether a key pair is for signing or encryption.

- - A general solution would need a more complex internal key handling solution.

- - A general purpose solution would become a bit slower since we have to handle more internal state cases.

// Rickard
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8

wsBVAwUBSTPUx+CjgaNTdVjaAQiGCAf/awf/DeMXk4Z03RIxeiuv0rvlNsTZF0lZ
Xrck/9Cm0rzF/l0h0ScypekjhPByuwjbXUSmFRCbxubav7M6ZsZXR43zRVKKafX1
QR9+lfekXyNf8Ll1cqzNoTLLJ+2SUOWecxE16okO1FsRn9LwyV5DGmxOrYyJgwvV
WrXxIH9shg5Nu5e7ehCO9tjfOi+/43FGkf5fBFmbeqQLt35J5sq7vMt/pEyrAylF
Es/3N1VVI2/xYpmRBfKMkJB8NO7wZ5OWmQaJ4CwALXgz4KdKRshlXs6bNgQKjLbm
DcZFiPVlHexbAt771mv0+T/L+VFb91r9JB20TK4Vo5wJIzLxWIFD/Q==
=5CG4
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list