[opensc-devel] Review of HSM:s

2011-01-17 Thread Rickard Bellgrim
Hi. We have written a review of four different HSM:s (AEP, Safenet, Thales, and Utimaco) with focus on creating signatures for DNSSEC with the PKCS#11 interface. Other topics were also addressed, like the security model, administration, and backup/HA-mode. It is typically TLD:s that use HSM:s

Re: [opensc-devel] Review of HSM:s

2011-01-17 Thread Martin Paljak
Hello. On Jan 17, 2011, at 11:41 AM, Rickard Bellgrim wrote: We have written a review of four different HSM:s (AEP, Safenet, Thales, and Utimaco) with focus on creating signatures for DNSSEC with the PKCS#11 interface. Other topics were also addressed, like the security model,

Re: [opensc-devel] Review of HSM:s

2011-01-17 Thread Rickard Bellgrim
On 17 jan 2011, at 12.56, Martin Paljak wrote: Most smart cards, especially smart cards personalized by OpenSC, don't have very fancy and varying managing capabilities, comparable to HSM-s. Yes, so you probably have to create another set of review points in this case. Yet an overall review

Re: [opensc-devel] Review of HSM:s

2011-01-17 Thread Ludovic Rousseau
2011/1/17 Rickard Bellgrim rickard.bellg...@iis.se: On 17 jan 2011, at 12.56, Martin Paljak wrote: From the report: For the test of the PKCS#11 interface (review point A.2) we used a specially developed test tool called pkcs11-testing. If desired, please contact the authors to obtain the

Re: [opensc-devel] Review of HSM:s

2011-01-17 Thread Tomas Gustavsson
A very nice report. I agree with your findings about diversity of authorization models :-) For smart cards or USB tokens there of course don't exist any enforced security models or backup models etc. One could discuss how it would be possible to implement such models (using routines etc) in a