[Dnssec-deployment] SCA6000 users [Re: SUN SCA6000 FIPS 140 certification]
richard.lamb at icann.org
Mon Mar 28 12:24:25 EDT 2011
I have some tamper evident stickers, some microcontroller USB dongles. Add $15K to pay Domus (the testing lab) and lets make our own level 3 HSMs ;-).
But seriously, for almost $10K why not buy the IBM 4764/5 level 4 HSM that has better support. I understand that it is just Linux inside and a kit can be had to program its internals (RRSIG computer anyone? anyone?...).
Wish I could meet you guys in Prague. I do think #1 is not as far fetched as it may seem. At the RSA meeting expo floor I spoke with at least 5 vendors willing to provide me with a level 3 certified USB fob /w PKCS11 support. Sure these things could only do 10-100 sigs/s but seems only a matter of time before someone familiar with the FIPS certification process seeks the same for some much faster tin-wrapped s/w /w tamper sensors.
> > I am unaware of any SCA6000 users' list
> The problem is that SCA6000 has been discontinued by Oracle :-(.
More information about the Dnssec-deployment