[Opendnssec-develop] Sun SCA6000 on Ubuntu
Jelte Jansen
jelte at NLnetLabs.nl
Tue Jun 30 11:43:30 UTC 2009
Jakob Schlyter wrote:
> On 30 jun 2009, at 07.33, Rickard Bondesson wrote:
>
>> We should do the hashing in the host and not via an HSM. What do you
>> think of that? Then we would only need to do signing and key
>> generation in the hsm.
>
> are there any HSM that does not support signing only (and thus MUST do
> the hashing itself)?
>
i think there are some cheap ones that do that, but i certainly can't name them.
Note that they will fail with the current code as well, since while both hashing
and signing are done by the hsm (library) at the moment, they are performed
separately.
Jelte
More information about the Opendnssec-develop
mailing list