[Opendnssec-user] HSM size
Rick van Rein
rick at openfortress.nl
Thu Dec 20 17:51:11 UTC 2012
Hi Tim,
> HSMs are often limited in the maximum amount of concurrent keys in memory. How many keys per zone (with a unique set of keys for each zone and without key sharing among zones), are at least concurrently required by OpenDNSSEC, to safely ensure rollovers etc. ?
Tongue-in-cheek figure: ten.
Note that you can share keys between zones, although most people don't
use that so it's not heavily tested.
There are HSMs that do not use this license construction, so you could
select one based on that.
-Rick
More information about the Opendnssec-user
mailing list