[Opendnssec-user] Sharedkeys for multiple zones

Jakob Schlyter jakob at kirei.se
Fri Mar 10 06:50:02 UTC 2017


On 2017-03-08 at 12:41, Yuri Schaeffer wrote:

> Thanks. I was hoping you would chip in! Does this then also mean a
> chosen plaintext attack is not an issue in the scenario I described?

As I understand it, this is not an issue when signing.

> Do you have a general advice on shared keys in DNS?

I would consider shared keys only if I had a lot of zones and a HSM with 
limited space and/or other reasons for keeping the number of keys down 
to a minimum.


	jakob



More information about the Opendnssec-user mailing list