[Opendnssec-user] HSM size
Jakob Schlyter
jakob at kirei.se
Sat Dec 22 21:18:39 UTC 2012
On 22 dec 2012, at 17:00, Randy Bush <randy at psg.com> wrote:
> could someone please explain the threat model and the circumstances
> which warrant an hsm?
It usually boils down to that you know if your keys are compromised or not; either you have the HSM or you don't (given that the keys can not be extracted in a controlled way). In a lot of environments, this property alone warrant an HSM.
There are of course other nice properties, such as speed, but IMHO those are secondary.
jakob
More information about the Opendnssec-user
mailing list