[Opendnssec-user] Looking for a "cheap" HSM

Joe Abley jabley at hopcount.ca
Mon Jun 24 15:12:19 UTC 2013


On 2013-06-24, at 08:47, "Rick van Rein (OpenFortress)" <rick at openfortress.nl> wrote:

>> If an HSM is used "online" through PKCS#11 API,
> 
> Nit: PKCS #11 is not a networked API, but implementations can access remote devices.

"Online" (in my experience, in this context) doesn't necessarily mean "networked". It means that the HSM is available to a host to perform crypto operations without manual intervention required, as opposed to being in a state where manual activation (e.g. using smart cards, PIN codes) is required.


Joe


More information about the Opendnssec-user mailing list