[Opendnssec-develop] Creating keys
Rick van Rein
rick at openfortress.nl
Tue Dec 2 14:26:29 CET 2008
-----BEGIN PGP SIGNED MESSAGE-----
> I think a USB token could add something in some cases, as it provides
> better security than a softtoken.
Yes. Think of the need to enter a PIN after reboot. Won't work if
someone tries to assault your system by booting off a Live CD.
> And there is of course no reason why
> the USB token could not be connected to the signer machine permanently
> (in which case it cannot easily be misplaced).
Blade systems often have an internal USB port intended for this purpose.
This could be useful for rack-stored solutions at low (extra) cost.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v18.104.22.168 (GNU/Linux)
Comment: New to PGP? http://openfortress.nl/doc/essay/OpenPGP/index.nl.html
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop