[Opendnssec-develop] Re: Enforcer

John Dickinson jad at jadickinson.co.uk
Mon Nov 17 15:27:55 UTC 2008

On 17 Nov 2008, at 15:19, Jakob Schlyter wrote:

> On 15 nov 2008, at 01.16, Olaf Kolkman wrote:
>> I noticed a 1 to many relation between zones and keys. I can  
>> imagine that one KSK and one ZSK private key is in use for many  
>> zones e.g. in the context of a webhosting farm.
> doesn't sharing keys between zones make key rollover "interesting"?

Also, Wouldn't you only share keys when it was too much effort to  
manage a key for each zone. OpenDNSSEC will be so easy to use that  
100,000 keys will be no effort at all :)


More information about the Opendnssec-develop mailing list