[Opendnssec-develop] storing blobs in the HSM

Jelte Jansen jelte at NLnetLabs.nl
Fri Feb 27 11:05:47 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rickard Bondesson wrote:
>> Why would you store it in the HSM? 
> 
>> I'd store it on disk! 
> 
> Agree
> 
> Why make more dependencies with HSM:s than necessary? Is the salt value as important to protect as the private keys?
> 

Actually, what I'm wondering now is where you store the metadata of currently
running policies, like what keys are in use, since when, etc. Looks to me like
that would also be the place to store current salt values.

Or was the place to store that also included in the original question?

Jelte

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmnyQcACgkQ4nZCKsdOncWooQCfcK2XDdjPYVz62fbiLsQtDmk5
ERAAnj8ZvUe2L0j1x2Kdu20opuEGVxyU
=7YH3
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list