[Opendnssec-develop] note on pcks11 library linking
Roy Arends
roy at nominet.org.uk
Sun Feb 1 09:06:57 UTC 2009
opendnssec-develop-bounces at lists.opendnssec.org wrote on 02/01/2009
09:16:54 AM:
> We should make a note somewhere that for production purposes, OpenDNSSEC
> should statically link the SoftHSM libraries,
That should be singular, ofcourse: the SoftHSM library :-)
> to avoid snooping by rogue pkcs11 library proxies.
Note that a pkcs11 proxy, like the one from OpenSC is handy for debugging
(though just not secure in production). Thanks JAD for pointing that out.
Regards,
Roy Arends
Sr. Researcher
Nominet UK
More information about the Opendnssec-develop
mailing list