Re: DNSSEC is NOT secure end to end (more tutorial than debating)

In message <alpine.LFD.1.10.0906022057560.22834@xxxxxxxxxxxxxxxxxxxx>, Paul Wouters writes:
> On Wed, 3 Jun 2009, Mark Andrews wrote:
> 
> >>> You can, for example, bribe a personnel or two, against which there
> >>> is no cryptographical protection, which means PKI is weakly secure.
> >>
> >> You have never heard of a Hardware Security Module?
> >
> > 	HSM doesn't stop the wrong data being signed.  It just stops
> > 	it being signed on machines other than the designated servers.
> 
> The context was the "false security" of DNSSEC and the "third party trust".
> Obviously changing the raw dns data is possible both with and without DNSSEC.
> 
> Paul

	If you are "bribing personnel" you need to assume they can
	do anything the organisation they work for can do.  HSMs
	don't help in this case.  HSMs have their place but you
	need to understand the limitations of the devices.  HSMs
	are better than just having the private component of a
	public key sitting on a disk somewhere but in most operational
	environments they don't add that much more security to the
	process.

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@xxxxxxx
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
