Hello, > I'm still not convinced these are harmless. But I guess I'm strongly > biased to only depending on a FIPS certified RNG. I think we need to think about where OpenDNSSEC will be used the most, which is our target audience.
FIPS-like requirements are great if you are a TLD, or a large DNS host with many zones. If you are a small shop signing only a couple of zones, then it's too much. It would be great if different target audiences could be defined at run time, but I don't know if it's doable. regards ~Carlos > > Paul > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
