[Opendnssec-develop] Creating keys

Rick van Rein rick at openfortress.nl
Tue Dec 2 14:26:29 CET 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

> I think a USB token could add something in some cases, as it provides
> better security than a softtoken.

Yes.  Think of the need to enter a PIN after reboot.  Won't work if
someone tries to assault your system by booting off a Live CD.

> And there is of course no reason why
> the USB token could not be connected to the signer machine permanently
> (in which case it cannot easily be misplaced).

Blade systems often have an internal USB port intended for this purpose.
This could be useful for rack-stored solutions at low (extra) cost.


Best,
 -Rick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: New to PGP? http://openfortress.nl/doc/essay/OpenPGP/index.nl.html

iD8DBQFJNTeDFBGpwol1RgYRAq0jAJ0dVicI2Fl/t6cHRbb7BFA4KQMocgCfTVbJ
A8/OnpuEc1A5Pw8RyXMretI=
=qfQg
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list