Hi,

I have tried the DNSSEC signing test according to the document https://kb.isc.org/docs/bind-9-pkcs11 (and section 5.5 of the Bv9ARM of version 9.18.16).

I have two questions about it:

1. Since I use an HSM (now it is SoftHSM) to store the DNSSEC key, is it more insecure to convert the key(s) from the HSM to a .private file with dnssec-keyfromlabel?

2. When I configure a KASP policy, I notice that BIND will generate new key(s) each time it needs them, but there is no new object generated in SoftHSM. Could BIND of this version roll the objects in the HSM/SoftHSM?

Thanks in advance.

Best Regards,
SUN Guonian

And my environment is:

  bind-9.18.16
  opensc-0.42
  softhsm-2.6.1
  openssl-1.1.1k from system
  RockyLinux 8