[Opendnssec-develop] Creating keys
roy at nominet.org.uk
Tue Dec 2 14:49:23 CET 2008
Rick van Rein wrote on 12/02/2008 02:26:29 PM:
> > I think a USB token could add something in some cases, as it provides
> > better security than a softtoken.
> Yes. Think of the need to enter a PIN after reboot. Won't work if
> someone tries to assault your system by booting off a Live CD.
> > And there is of course no reason why
> > the USB token could not be connected to the signer machine permanently
> > (in which case it cannot easily be misplaced).
> Blade systems often have an internal USB port intended for this purpose.
> This could be useful for rack-stored solutions at low (extra) cost.
I apologize for treating USB tokens as a second rate citizen. They have
dibs on HSM tags as well ;-)
Lets continue to help Rickard getting the softtoken both pkcs11 and
More information about the Opendnssec-develop