On 22 dec 2012, at 17:00, Randy Bush <[email protected]> wrote:
> could someone please explain the threat model and the circumstances
> which warrant an hsm?
It usually boils down to that you know if your keys are compromised or not;
either you have the HSM or you don't (given that the keys can not be extracted
in a controlled way). In a lot of environments, this property alone warrant an
HSM.
There are of course other nice properties, such as speed, but IMHO those are
secondary.
jakob
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
