[Opendnssec-develop] note on pcks11 library linking

Roy Arends roy at nominet.org.uk
Sun Feb 1 09:06:57 UTC 2009

opendnssec-develop-bounces at lists.opendnssec.org wrote on 02/01/2009 
09:16:54 AM:

> We should make a note somewhere that for production purposes, OpenDNSSEC 

> should statically link the SoftHSM libraries,

That should be singular, ofcourse: the SoftHSM library :-)

> to avoid snooping by rogue pkcs11 library proxies.

Note that a pkcs11 proxy, like the one from OpenSC is handy for debugging 
(though just not secure in production). Thanks JAD for pointing that out.


Roy Arends
Sr. Researcher
Nominet UK

More information about the Opendnssec-develop mailing list