[Opendnssec-develop] ZSK rollovers
Jakob Schlyter
jakob at kirei.se
Thu May 6 13:03:04 UTC 2010
On 6 maj 2010, at 15.01, Matthijs Mekking wrote:
>>> That rule implies that we always going to use double signature rollover
>>> for KSKs and always going to use pre-publish key rollover for ZSKs
>>
>> for KSK, no - if you use a pre-publish key rollover for the KSK it works as well.
>
> Sure, because you never reuse signatures in this special rule, you can
> do every rollover you want.
the idea is to reuse signatures as long as the set of key signing keys is unchanged.
jakob
More information about the Opendnssec-develop
mailing list