[Opendnssec-develop] Sessions with network HSM:s

Jakob Schlyter jakob at kirei.se
Tue Nov 16 08:20:26 UTC 2010

On 16 nov 2010, at 08.19, Rickard Bellgrim wrote:

> SIDN is having some problems with their HSM, because it closes a session if it has been idle for too long time. E.g. key generation every third month.
> We have also seen this during the evaluations of the HSMs. It is Utimaco and SafeNet who close their session/TCP-connection if it has been idle for too long. But AEP and Thales can have its session open without any disruption. 
> Utimaco recommended us having a heartbeat mechanism for keeping the session alive.
> Is this the correct way to go? Or should the HSM vendor make sure to implement a heartbeat mechanism in their own library?

Should we have the enforcer "ping" libhsm every once in a while? If so, we might want to implement a hsm_ping() function just to make sure the connection is alive.


More information about the Opendnssec-develop mailing list