[Opendnssec-develop] hsm-toolkit questions

Rick van Rein rick at openfortress.nl
Wed Mar 11 14:39:40 UTC 2009


> perhaps we should consider setting the CKA_ID to a plain UUID
> instead?
> like D242124C-B411-4E33-BBB0-44F60C607275

If it is to be treated as a random string I like this one better
than hashing any explicit material.  We won't be able to detect
colliding keys though.

> - easy to generate (and no rename after generated needed)


> - will never collide

Fingers crossed... I would always check this sort of "normally" situations.

> - no crypto discussions

Heheh, yeah, it'll make me more quiet for sure ;-)
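
The trade-off discussed in this message, as an added example that is not part of the original post or of hsm-toolkit: a random UUID used as CKA_ID is checked against the IDs already on the token before use, and the same key stored twice goes unnoticed unless the key material itself is compared. The `Token` class is a constructed in-memory stand-in for a PKCS#11 object store, and the SHA-256 truncation in `hash_id` is an assumption, since the thread does not say what would be hashed or how.

```python
import hashlib
import uuid


class Token:
    """Constructed in-memory stand-in for a PKCS#11 token's object store."""

    def __init__(self):
        self.objects = {}  # CKA_ID bytes -> public key bytes

    def store(self, cka_id, public_key):
        # Refuse to overwrite an existing ID instead of trusting "never collides".
        if cka_id in self.objects:
            raise KeyError("CKA_ID already in use: " + cka_id.hex())
        self.objects[cka_id] = public_key


def uuid_id(token, rng=uuid.uuid4, max_tries=5):
    """Pick a random UUID as CKA_ID, retrying if the token already holds it."""
    for _ in range(max_tries):
        candidate = rng().bytes  # 16 raw bytes of the UUID
        if candidate not in token.objects:
            return candidate
    raise RuntimeError("no free CKA_ID after %d tries" % max_tries)


def hash_id(public_key):
    """Alternative: derive CKA_ID from key material (hash choice is assumed)."""
    return hashlib.sha256(public_key).digest()[:20]


def duplicate_keys(token):
    """Find identical key material stored under more than one CKA_ID.

    With random IDs the ID says nothing about the key, so this comparison
    is the only way to notice that one key was stored twice.
    """
    seen, dups = {}, []
    for cka_id, pub in token.objects.items():
        if pub in seen:
            dups.append((seen[pub], cka_id))
        seen.setdefault(pub, cka_id)
    return dups
```

With `hash_id`, storing the same key a second time fails at `store()` because both copies map to the same CKA_ID; with `uuid_id` it succeeds silently and only `duplicate_keys` reveals it.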


