[Opendnssec-user] Looking for a "cheap" HSM

Rick van Rein (OpenFortress) rick at openfortress.nl
Mon Jun 24 12:47:47 UTC 2013


Hi,

> If an HSM is used "online" through PKCS#11 API,

Nit: PKCS #11 is not a networked API, but implementations can access remote devices.

> how the user "select the key container". In other words: how i select my certificate and not the one from my neighbourgs ?

* CKA_ID and/or CKA_LABEL attributes
* multiple slots / tokens, sometimes called "partitions" of your HSM

> Is there any place with a price comparison chart or some information about HSM prices (instead of contacting each provider and ask).

Most HSMs use an individual sales trajectory, in light of their high prices.

Don't just look at the price; look at security principes such as access control, possibly redundancy options, and, easily forgotten but very important, backup/recovery facilities.

-Rick




More information about the Opendnssec-user mailing list