[Opendnssec-user] ods-hsmutil
Paul Wouters
paul at nohats.ca
Sat Jul 14 02:06:01 UTC 2012
On Fri, 13 Jul 2012, Rickard Bellgrim wrote:
> Remember that the physical keys are stored in the HSM. We also need
> more properties than just the key values (exponent, modulus, ...).
> This is why we need the KASP Enforcer Database. This database will
> have the "key metadata" like KSK, ZSK, CKA_ID, rollover time stamps,
> etc.
Does ODS generate the rollover tiemstamps for all future keys at that
generation time ? Eg, can you copy the kasp.db after generating the keys
and have identical future rollover timestamps for multiple signers?
Paul
More information about the Opendnssec-user
mailing list