A very nice report. I agree with your findings about diversity of authorization models :-)
for smart cards or usb tokens there of course don't exist any "enforced" security models or backup models etc. One could discuss how it would be possible to implement such models (using routines etc) in a satisfactory way. Cheers, Tomas On 01/17/2011 10:41 AM, Rickard Bellgrim wrote: > Hi > > We have written a review of four different HSM:s (AEP, Safenet, Thales, and > Utimaco) with focus on creating signatures for DNSSEC with the PKCS#11 > interface. Other topics was also addressed like the security model, > administration, and backup/HA-mode. > > It is typically TLD:s that uses HSM:s for DNSSEC, but others are probably > more interested in some cheaper alternatives but still be sure that the keys > are stored safe. > > We were wondering if there would be someone willing to continue this work but > focusing on alternatives like smartcards and USB-tokens. > > You can read the full report here: > http://www.opendnssec.org/wp-content/uploads/2011/01/A-Review-of-Hardware-Security-Modules-Fall-2010.pdf > > Thanks > // Rickard > > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel