[Opendnssec-develop] OpenHardware HSM
Rick van Rein
rick at openfortress.nl
Fri Oct 19 07:57:49 UTC 2012
Hello,
> Matthijs also reports that he has seem some discussion on a DNS OPS
> mailing list of efforts to develop an open source HSM
That ought to be straightforward -- setup SoftHSM 2.x or a similar
PKCS #11 implementation on any PC-ish device. On a Raspberry Pi perhaps?
The real problem with an HSM would be support of "business scenario's"
such as redundancy and backup, and perhaps juggling tokens to gain
access. This is a lot of hard work, and support-intensive; so it is
not an extremely bad idea IMHO to at least have the option of taking
it in from a vendor.
> That should be an open hardware HSM and it was on the dns-oarc mailing
> list and this is the thread:
A low-end, open solution that might aspire to the people looking for
it could be
http://www.yubico.com/yubihsm
Cheers,
-Rick
More information about the Opendnssec-develop
mailing list