On Fri, 13 Jul 2012, Rickard Bellgrim wrote:
Remember that the physical keys are stored in the HSM. We also need more properties than just the key values (exponent, modulus, ...). This is why we need the KASP Enforcer Database. This database will have the "key metadata" like KSK, ZSK, CKA_ID, rollover time stamps, etc.
Does ODS generate the rollover tiemstamps for all future keys at that generation time ? Eg, can you copy the kasp.db after generating the keys and have identical future rollover timestamps for multiple signers? Paul _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
