[Opendnssec-develop] note on pcks11 library linking
roy at nominet.org.uk
Sun Feb 1 09:06:57 UTC 2009
opendnssec-develop-bounces at lists.opendnssec.org wrote on 02/01/2009
> We should make a note somewhere that for production purposes, OpenDNSSEC
> should statically link the SoftHSM libraries,
That should be singular, ofcourse: the SoftHSM library :-)
> to avoid snooping by rogue pkcs11 library proxies.
Note that a pkcs11 proxy, like the one from OpenSC is handy for debugging
(though just not secure in production). Thanks JAD for pointing that out.
More information about the Opendnssec-develop