[Opendnssec-user] ods-hsmutil

Siôn Lloyd sion at nominet.org.uk
Tue Jul 24 14:35:07 UTC 2012

On 14/07/12 03:06, Paul Wouters wrote:
> On Fri, 13 Jul 2012, Rickard Bellgrim wrote:
>> Remember that the physical keys are stored in the HSM. We also need
>> more properties than just the key values (exponent, modulus, ...).
>> This is why we need the KASP Enforcer Database. This database will
>> have the "key metadata" like KSK, ZSK, CKA_ID, rollover time stamps,
>> etc.
> Does ODS generate the rollover tiemstamps for all future keys at that
> generation time ? Eg, can you copy the kasp.db after generating the keys
> and have identical future rollover timestamps for multiple signers?

No, it does not pre-allocate keys to zones or pre-define the lives of 
the keys until it has to.


More information about the Opendnssec-user mailing list