.de DNSSEC issue root cause
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Jun 12 08:17:17 UTC 2026
On Fri, Jun 12, 2026 at 02:50:28AM +0800,
11;rgb:0000/0000/0000Mukund Sivaraman <muks at mukund.org> wrote
a message of 90 lines which said:
> The article in German has an addendum (English translation by Google
> Translate):
>
> "Addendum from May 11, 2026: There was no "keytag" collision. Rather,
> instead of generating one key pair and storing it on three HSMs, the
> software generated three different key pairs – one for each HSM.
The entire idea of generating keys outside of the HSM defeats the
purpose of a HSM, no?
More information about the dns-operations
mailing list