[Opendnssec-user] HSM size
Jakob Schlyter
jakob at kirei.se
Sat Dec 22 22:18:13 UTC 2012
On 22 dec 2012, at 23:10, Paul Wouters <paul at nohats.ca> wrote:
> On Sat, 22 Dec 2012, Jakob Schlyter wrote:
>
> However, I haven't heard from HSM vendors if they are not vulnerable to
> the various padding oracle attacks, and the HSMs I've looked at, do not
> support disabling encryption and only allow signing of data. So I'm not
> convinced an HSM even brings you this security.....
The AEP keyper can disable encryption.
>> There are of course other nice properties, such as speed, but IMHO those are secondary.
>
> For those who want slower speed?
Unless you cluster a bunch of SCA/6000 or SafeNet LUNA SA - that's speed.
jakob
More information about the Opendnssec-user
mailing list