[Opendnssec-user] HSM size

Rick van Rein rick at openfortress.nl
Thu Dec 20 18:51:11 CET 2012


Hi Tim,

> HSMs are often limited in the maximum amount of concurrent keys in memory. How many keys per zone (with a unique set of keys for each zone and without key sharing among zones), are at least concurrently required by OpenDNSSEC, to safely ensure rollovers etc. ?

Tongue-in-cheek figure: ten.

Note that you can share keys between zones, although most people don't
use that so it's not heavily tested.

There are HSMs that do not use this license construction, so you could
select one based on that.

-Rick



More information about the Opendnssec-user mailing list