[Opendnssec-develop] Creating keys
Rick van Rein
rick at openfortress.nl
Tue Dec 2 13:26:29 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
> I think a USB token could add something in some cases, as it provides
> better security than a softtoken.
Yes. Think of the need to enter a PIN after reboot. Won't work if
someone tries to assault your system by booting off a Live CD.
> And there is of course no reason why
> the USB token could not be connected to the signer machine permanently
> (in which case it cannot easily be misplaced).
Blade systems often have an internal USB port intended for this purpose.
This could be useful for rack-stored solutions at low (extra) cost.
Best,
-Rick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: New to PGP? http://openfortress.nl/doc/essay/OpenPGP/index.nl.html
iD8DBQFJNTeDFBGpwol1RgYRAq0jAJ0dVicI2Fl/t6cHRbb7BFA4KQMocgCfTVbJ
A8/OnpuEc1A5Pw8RyXMretI=
=qfQg
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list