[Opendnssec-user] SmartCard-HSM as key store for DNSSEC
Andreas Schwier
andreas.schwier at cardcontact.de
Thu Mar 29 14:37:38 UTC 2012
Dear folks,
I'm looking for pointers how to implement a suitable backup strategy für
DNSSEC signing keys.
We've designed a secure key store called SmartCard-HSM that implements
secure generation, storage and use of asymmetric keys in a CC evaluated
smart card (see flyer at [1]).
In a next step we want to support key replication among a cluster of
SmartCard-HSMs in order to implement load balancing and key backup. We
have a draft concept for it, but would like to cross-check with actual
user requirements in the DNSSEC area.
Any hints are highly appreciated.
Kind regards,
Andreas
[1] http://www.cardcontact.de/products/SmartCard-HSM_V1.0.pdf
--
--------- CardContact Software & System Consulting
|.##> <##.| Andreas Schwier
|# #| Schülerweg 38
|# #| 32429 Minden, Germany
|'##> <##'| Phone +49 171 8334920
--------- http://www.cardcontact.de
http://www.tscons.de
http://www.openscdp.org
More information about the Opendnssec-user
mailing list