[Dnssec-deployment] SCA6000 users [Re: SUN SCA6000 FIPS 140 certification]
Paul Wouters
paul at xelerance.com
Tue Mar 29 05:36:17 EDT 2011
On Mon, 28 Mar 2011, Peter Koch wrote:
>> We, like many ccTLDs, are using the SUN SCA6000 HSM in our DNSSEC infrastructure.
>
> I am unaware of any SCA6000 users' list and the topic may be too narrow
> for this list, so I'd suggest for those of us at the IETF in Prague we
> meet for an informal meeting during lunchtime Thursday at the registration
> desk. We could exchange our experiences (and grieves) and discuss what
> people's plans are given the current state of affairs.
I'll be there. As a vendor, we noticed that althoug everyone asks for HSM, once
they need to pay extra they most often backtrack on the requirement. I had heard
the new price tag went from $1500 to $10k, which for us would likely mean we
will have to use an alternative. Which is bad, because one of the good things
about the SCA card is that you can have an infinite amount of keys in the HSM
(using the HSM master key and a file on disk)
Paul
More information about the Dnssec-deployment
mailing list