[Opendnssec-develop] hsm-toolkit questions

Roy Arends roy at nominet.org.uk
Wed Mar 11 11:48:18 UTC 2009

While the hsm-toolkit slowly reaches adolescence, I'd like to discuss some 
topics on the subject:

1) The object identifier

We need to identify an object. This can either be done by the LABEL or by 
ID. Please give guidance on which to use, and what the values for these 
identifiers need to be. I remember that 'hash of the key' was mentioned. 
Please advise which algorithm to use. I also need to know if hsm-toolkit 
needs to avoid identifier collisions or not.

2) additional functionality

The software can list, generate and destroy RSA objects from the token. Is 
there interest in additional functionality, or do we want to keep it to 
the bare necessities (list/generate/destroy objects)?

3) configurable defaults

Currently, all parameters need to be specified on the command line. Some 
have static defaults. Do we want configurable defaults through a 
configuration file, or no defaults, or the current status quo?



Roy Arends
Sr. Researcher
Nominet UK
