[Opendnssec-user] Distributed backend for SoftHSMv2 (was: distributed OpenDNSSEC (distributed database and HSM))

Jerry Lundström jerry at opendnssec.org
Thu Mar 6 13:29:14 UTC 2014


Hi Petr,

I’m separating the SoftHSMv2 into a new thread.

On 06 Mar 2014, at 14:06 , Petr Spacek <pspacek at redhat.com> wrote:

> Imagine that the data store is in fact a remote database. You want to be able to use the keys stored in the token even if the connection to the backend database is down.

That should be handled by the backend code then, if it needs to cache locally etc. I think SoftHSMv2 has its backend abstracted so this should be possible, but I am no expert in SoftHSMv2; that is mostly handled by Rickard and Francis. Maybe they can shed some light on this?

> Anyway, we are going to investigate if SoftHSMv2 can work on top of our existing database code or not. I'm not saying 'no', I'm just saying that it is not as easy as it may seem.

I understand that, you’re basically trying to make a network distributed HSM and we have seen big companies take their time to make it really work.

Regards,
Jerry

--
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/
