[Opendnssec-user] ods-hsmutil
Siôn Lloyd
sion at nominet.org.uk
Tue Jul 24 14:35:07 UTC 2012
On 14/07/12 03:06, Paul Wouters wrote:
> On Fri, 13 Jul 2012, Rickard Bellgrim wrote:
>
>> Remember that the physical keys are stored in the HSM. We also need
>> more properties than just the key values (exponent, modulus, ...).
>> This is why we need the KASP Enforcer Database. This database will
>> have the "key metadata" like KSK, ZSK, CKA_ID, rollover time stamps,
>> etc.
>
> Does ODS generate the rollover timestamps for all future keys at that
> generation time? E.g., can you copy the kasp.db after generating the keys
> and have identical future rollover timestamps for multiple signers?
>
No, it does not pre-allocate keys to zones or pre-define the lives of
the keys until it has to.
Sion