[Opendnssec-develop] OpenHardware HSM

Rick van Rein rick at openfortress.nl
Fri Oct 19 07:57:49 UTC 2012


> Matthijs also reports that he has seem some discussion on a DNS OPS
> mailing list of efforts to develop an open source HSM

That ought to be straightforward -- setup SoftHSM 2.x or a similar
PKCS #11 implementation on any PC-ish device.  On a Raspberry Pi perhaps?

The real problem with an HSM would be support of "business scenario's"
such as redundancy and backup, and perhaps juggling tokens to gain
access.  This is a lot of hard work, and support-intensive; so it is
not an extremely bad idea IMHO to at least have the option of taking
it in from a vendor.

> That should be an open hardware HSM and it was on the dns-oarc mailing
> list and this is the thread:

A low-end, open solution that might aspire to the people looking for
it could be



More information about the Opendnssec-develop mailing list