[Opendnssec-develop] getting rid of HSM callsfrom the communicator
Roland van Rijswijk
roland.vanrijswijk at surfnet.nl
Thu Sep 10 08:55:21 UTC 2009
+1, a default salt is a bad idea IMHO.
Antoin Verschuren wrote:
> It would seem the better option to me too to generate the salt at system installation/first startup.
>
> Antoin Verschuren
>
> Technical Policy Advisor SIDN
> Utrechtseweg 310, PO Box 5022, 6802 EA Arnhem, The Netherlands
>
> P: +31 26 3525500 F: +31 26 3525505 M: +31 6 23368970
> mailto:antoin.verschuren at sidn.nl xmpp:antoin at jabber.sidn.nl http://www.sidn.nl/
>
>
>> -----Original Message-----
>> From: opendnssec-develop-bounces at lists.opendnssec.org [mailto:opendnssec-
>> develop-bounces at lists.opendnssec.org] On Behalf Of Alexd at nominet.org.uk
>> Sent: Wednesday, September 09, 2009 4:12 PM
>> To: Roy Arends
>> Cc: Opendnssec-develop at lists.opendnssec.org; opendnssec-develop-
>> bounces at lists.opendnssec.org
>> Subject: Re: [Opendnssec-develop] getting rid of HSM callsfrom the
>> communicator
>
>>> As for opendnssec, we'd need to make sure that automated re-salting
>>> is off by default. Preferably ship it with a default salt.
>> Really?!
>
>> Would it not be safer to make the salt randomly generated on a per-
>> installation basis?
>
>
>> Alex.
------------------------------------------------------------------------
_______________________________________________
Opendnssec-develop mailing list
Opendnssec-develop at lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
--
-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl
More information about the Opendnssec-develop
mailing list