[Opendnssec-user] Key Management: History and Future

Klaus Darilion klaus.mailinglists at pernau.at
Mon Mar 11 15:29:56 UTC 2013


As an ODS newbie I try to understand the key usage of ODS in an existing 
ODS deployment. "ods-hsmutil  list" shows me plenty of keys. Some of 
them are currently used, some of them are "removed", and some of them 
will be used in the future. Unfortunately "ods-ksmutil key list -v" only 
shows me the currently used keys.

So, if I want to delete old keys from the HSM, who do I know which HSM 
keys are deprecated?

Further, is there a way to find out how many of the HSM keys are 
"Generated"? For example I want to know how long ODS can operate before 
running out of keys (e.g. to be included into a monitoring system).


More information about the Opendnssec-user mailing list