[Opendnssec-develop] hsm-toolkit questions
Rick van Rein
rick at openfortress.nl
Wed Mar 11 14:39:40 UTC 2009
> perhaps we should considering setting the CKA_ID to a plain UUID
> like D242124C-B411-4E33-BBB0-44F60C607275
If it is to be treated as a random string I like this one better
than hashing any explicit material. We won't be able to detect
colliding keys though.
> - easy to generate (and no rename after generated needed)
> - will never collide
Fingers crossed... I would always check this sort of "normally" situations.
> - no crypto discussions
Heheh, yeah, it'll make me more quiet for sure ;-)
More information about the Opendnssec-develop