[Opendnssec-develop] getting rid of HSM callsfrom the communicator

Roland van Rijswijk roland.vanrijswijk at surfnet.nl
Thu Sep 10 10:09:44 UTC 2009

Hi Roy,

Roy Arends wrote:
> If it results in remarkably similar structures, the hash function is
> broken, as each pre-image will be unique per fully qualified domain
> name. Also the zone structure will not be influenced by the salt.
>> This - of course - doesn't hold if the FQDN is the input for the hash,
>> but I haven't checked that, is that the case?
> That is the case

In that case I don't object anymore.

It should - however - be made clear to users what choices they have and
what the tradeoffs are, so perhaps some lines about this in the
documentation are in order ;-)



-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl

More information about the Opendnssec-develop mailing list