[Opendnssec-develop] Sessions with network HSM:s

Rickard Bellgrim rickard.bellgrim at iis.se
Tue Nov 16 07:19:28 UTC 2010


SIDN is having some problems with their HSM, because it closes a session if it has been idle for too long time. E.g. key generation every third month.

We have also seen this during the evaluations of the HSMs. It is Utimaco and SafeNet who close their session/TCP-connection if it has been idle for too long. But AEP and Thales can have its session open without any disruption. 

Utimaco recommended us having a heartbeat mechanism for keeping the session alive.

Is this the correct way to go? Or should the HSM vendor make sure to implement a heartbeat mechanism in their own library?

// Rickard

More information about the Opendnssec-develop mailing list