Hello JP,
I've just realised that the maximum PKCS#11 key label length probably isn't enough to cover all possible zone names.
Some devices are limited to 32 characters. And the theoretical maximum length of a textual dname is more than 1000 characters!
Also, the additional key metadata (e.g. KSK, ZSK) can change or one key can be shared by more zones. So I don't see a universal format for key labels and I would prefer not to implement it :-)
Best,
Daniel
On 5/6/22 21:37, Jan-Piet Mens wrote:
It's by design as nobody cared yet :-) I think it's easy to implement it. Unfortunately, it requires a slight modification of the libdnssec API, so it won't be possible to backport it to 3.1.
Thanks, Daniel.
A bit of scripting might suffice; pseudo-code as I'm in relax mode away from the scene of the crime ;)
    keymgr -l | while read -r z; do
        keymgr "$z" list | while read -r cka_id rest; do
            p11tool --set-label "$z" ...
        done
    done
Best,
-JP