[Opendnssec-develop] hsm-toolkit questions
Rick van Rein
rick at openfortress.nl
Wed Mar 11 14:39:40 UTC 2009
Hello,
> perhaps we should considering setting the CKA_ID to a plain UUID
> instead?
> like D242124C-B411-4E33-BBB0-44F60C607275
If it is to be treated as a random string I like this one better
than hashing any explicit material. We won't be able to detect
colliding keys though.
> - easy to generate (and no rename after generated needed)
Yep.
> - will never collide
Fingers crossed... I would always check this sort of "normally" situations.
> - no crypto discussions
Heheh, yeah, it'll make me more quiet for sure ;-)
Cheers,
-Rick
More information about the Opendnssec-develop
mailing list