[dns-operations] .de DNSSEC issue root cause

[Randy Bush]

so i want multiple HSMs to be available to sign dns glorp.  absent
johan's really interesting work, they need to use the same signing
pair.

ideally i could use one HSM to generate the signing pair and use the
backup/restore mechanism to propagate it to the other HSM(s).

but if, for reasons, i want my HSM fleet to be diverse, will they have
compatible backup/restore data fromats and algorithms?

if not, i have to generate externally to the HSMs, yes?

randy