+--On 17 mars 2014 12:36:32 -0700 Doug Barton <do...@dougbarton.us> wrote: | On 03/17/2014 12:29 PM, Mathieu Arnold wrote: |> Hum, so, it will also use pkcs11 for dnssec validation too ? (Sorry if |> this seems a silly question.) | | HSMs are typically an auth-only tool, although I suppose that in a | super-high-security environment that they could be justified for | validation ... it would be interesting to see a requirements doc on what | the HSM would need to provide to do that.
Yes, it was my understanding of how HSM worked. That's why I was trying to build with OpenSSL *and* native PKCS11, to get the DNSSEC validation on one side, and PKCS11 interface for zone signing on the other. -- Mathieu Arnold _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users