Reliance on PKCS \#11
=====================

>   *When you have reached this point in the TLS Pool Handbook, you may have
>   seen the term PKCS \#11 so often that you have stopped to think of it as
>   innovative.  Despite that, the choice to build the TLS Pool around PKCS \#11
>   and to support integration with external components for management of local
>   credentials is highly innovative.  Not only that, it solves real problems
>   felt by real security administrators.*

PKCS \#11 is useful for a number of reasons:

-   It separates secret or private keys from the TLS protocol logic.

-   It enables the administrator a range of choices in security levels.

-   It may work on a remote key storage device.

-   It may facilitate cryptographic speed-up.

-   It helps to lift reliance on hardware security — or virtual host security.

In client environments, it is somewhat common to see PKCS \#11 implemented.  The
TLS Pool is a first innovator to also pull it into the server environment.