[Opendnssec-user] Sharedkeys for multiple zones
Jakob Schlyter
jakob at kirei.se
Fri Mar 10 06:50:02 UTC 2017
On 2017-03-08 at 12:41, Yuri Schaeffer wrote:
> Thanks. I was hoping you would chip in! Does this then also mean a
> chosen plaintext attack is not an issue in the scenario I described?
As I understand it, this is not an issue when signing.
> Do you have a general advice on shared keys in DNS?
I would consider shared keys only if I had a lot of zones and a HSM with
limited space and/or other reasons for keeping the number of keys down
to a minimum.
jakob
More information about the Opendnssec-user
mailing list