[Opendnssec-develop] HSMs use UTF-8 characters

Jakob Schlyter jakob at kirei.se
Tue May 20 20:42:44 UTC 2014

As an OpenDNSSEC installation and associated HSMs should be considered a trusted system, I'm a bit reluctant to change. There is very low risk and I cannot see any realistic attacks to the current implemention. The only component creating keys in the repositories are OpenDNSSEC itself and we control that code. The remaining attack vectors would be imported keys, token labels and PINs.

Is fixing this worth the effort? If the fix is easy, go ahead. But change always introducing risk as well.


More information about the Opendnssec-develop mailing list