Hello.

On Jan 17, 2011, at 11:41 AM, Rickard Bellgrim wrote:
> We have written a review of four different HSM:s (AEP, Safenet, Thales, and 
> Utimaco) with focus on creating signatures for DNSSEC with the PKCS#11 
> interface. Other topics were also addressed, like the security model, 
> administration, and backup/HA-mode.
Very interesting read, thanks for sharing this.

> 
> It is typically TLD:s that use HSM:s for DNSSEC, but others are probably 
> more interested in some cheaper alternatives while still being sure that the 
> keys are stored safely.
> 
> We were wondering if there would be someone willing to continue this work but 
> focusing on alternatives like smartcards and USB-tokens. 

Most smart cards, especially smart cards personalized by OpenSC, don't have 
very fancy and varying managing capabilities, comparable to HSM-s.

Yet an overall review of smart cards, their security models, FIPS validations, 
etc. would do good, as this information is currently neither systematically 
gathered on the OpenSC wiki nor easy to compare.



> 
> You can read the full report here:
> http://www.opendnssec.org/wp-content/uploads/2011/01/A-Review-of-Hardware-Security-Modules-Fall-2010.pdf

From the report:
"For the test of the PKCS#11 interface (review point A.2) we used a specially 
developed test tool called pkcs11-testing. If desired, please contact the 
authors to obtain the source code."
Feel free to e-mail me directly with this, if you don't want to publish it 
anywhere.

-- 
@MartinPaljak.net
+3725156495

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
