[Opendnssec-develop] getting rid of HSM callsfrom the communicator
Antoin Verschuren
Antoin.Verschuren at sidn.nl
Thu Sep 10 08:51:42 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
It would seem the better option to me too to generate the salt at system installation/first startup.
Antoin Verschuren
Technical Policy Advisor SIDN
Utrechtseweg 310, PO Box 5022, 6802 EA Arnhem, The Netherlands
P: +31 26 3525500 F: +31 26 3525505 M: +31 6 23368970
mailto:antoin.verschuren at sidn.nl xmpp:antoin at jabber.sidn.nl http://www.sidn.nl/
> -----Original Message-----
> From: opendnssec-develop-bounces at lists.opendnssec.org [mailto:opendnssec-
> develop-bounces at lists.opendnssec.org] On Behalf Of Alexd at nominet.org.uk
> Sent: Wednesday, September 09, 2009 4:12 PM
> To: Roy Arends
> Cc: Opendnssec-develop at lists.opendnssec.org; opendnssec-develop-
> bounces at lists.opendnssec.org
> Subject: Re: [Opendnssec-develop] getting rid of HSM callsfrom the
> communicator
>
> > As for opendnssec, we'd need to make sure that automated re-salting
> > is off by default. Preferably ship it with a default salt.
>
> Really?!
>
> Would it not be safer to make the salt randomly generated on a per-
> installation basis?
>
>
> Alex.
-----BEGIN PGP SIGNATURE-----
Version: 9.6.3 (Build 3017)
wsBVAwUBSqi+HjqHrM883AgnAQjLnwf/TYpaR1u7vo6SojfatWqpRS8CLwF2ZMKx
QfHQr8zuLRCVSCFPmmD0SU/tjc0PnUVc2NlcmIs9KAQJ/jx6Hx/hNJKUdHXg18Rv
JEwu67JCMjy7GwAxytnn0hTJZLM58uYQ1rMZjib1S1y2eumXzHX6jKw+87K0iqfI
4C7M5PTqDtW4cSiwNmyWftdDDAyLnruhz7r91hzkA9Nj9cQwgPoDGcA5iyGzMdsz
5/daHxicnKynTRRpJVL27TAABJ6H5hXepTUMOFBlLXpoqFg5CgEYG2pMJGOdX1lB
O+ZjxspXD1rsAOGfTS9q1sOtRovqbwMLyAK36z8gmllbeZD/8BOo/Q==
=kft3
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list