Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dnsop-rfc4641bis-01.txt

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 27 April 2009 14:44 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A54113A68AD for <dnsop@core3.amsl.com>; Mon, 27 Apr 2009 07:44:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.316
X-Spam-Level:
X-Spam-Status: No, score=-2.316 tagged_above=-999 required=5 tests=[AWL=0.283, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lznppkQ-A2ZJ for <dnsop@core3.amsl.com>; Mon, 27 Apr 2009 07:44:54 -0700 (PDT)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 96DC33A6BDE for <dnsop@ietf.org>; Mon, 27 Apr 2009 07:44:53 -0700 (PDT)
Received: from [10.20.30.158] (dsl-63-249-108-169.static.cruzio.com [63.249.108.169]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n3REk8Zm037536 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 27 Apr 2009 07:46:09 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p06240818c61b756ae8ed@[10.20.30.158]>
In-Reply-To: <A3C4CA7A-D203-4D1C-9497-24BD4D681AF1@hopcount.ca>
References: <20090306141501.4BA2F3A6B4B@core3.amsl.com> <49EDA81E.2000600@ca.afilias.info> <a06240805c6138a622949@[10.31.200.142]> <82iqkykq10.fsf@mid.bfk.de> <a06240807c61393343ac7@[10.31.200.142]> <20090421153213.GA7564@nic.fr> <a06240808c61397d750db@[10.31.200.142]> <20090421160040.GD64986@shinkuro.com> <a06240800c613abf111de@[10.31.200.142]> <49EE239D.8030701@ca.afilias.info> <20090427111945.GC11204@x27.adm.denic.de> <a06240800c61b5c43694a@[192.168.1.103]> <A3C4CA7A-D203-4D1C-9497-24BD4D681AF1@hopcount.ca>
Date: Mon, 27 Apr 2009 07:46:07 -0700
To: Joe Abley <jabley@hopcount.ca>, Edward Lewis <Ed.Lewis@neustar.biz>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="us-ascii"
Cc: IETF DNSOP WG <dnsop@ietf.org>
Subject: Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dnsop-rfc4641bis-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2009 14:44:54 -0000

At 9:16 AM -0400 4/27/09, Joe Abley wrote:
>On 27-Apr-2009, at 09:05, Edward Lewis wrote:
>
>>Perhaps we should avoid the RFC 5513 "HSM" and just spell it out - a (cryptographic) hardware support module.
>
>Hardware Security Module is the more usual expanded form, I think?

It is indeed. "hardware support module" sounds like a crypto accelerator chip, which has a completely different function, one that doesn't include holding private keys.

--Paul Hoffman, Director
--VPN Consortium