[Opendnssec-develop] Re: Enforcer
John Dickinson
jad at jadickinson.co.uk
Mon Nov 17 15:27:55 UTC 2008
On 17 Nov 2008, at 15:19, Jakob Schlyter wrote:
> On 15 nov 2008, at 01.16, Olaf Kolkman wrote:
>
>> I noticed a 1 to many relation between zones and keys. I can
>> imagine that one KSK and one ZSK private key is in use for many
>> zones e.g. in the context of a webhosting farm.
>
> doesn't sharing keys between zones make key rollover "interesting"?
Also, Wouldn't you only share keys when it was too much effort to
manage a key for each zone. OpenDNSSEC will be so easy to use that
100,000 keys will be no effort at all :)
John
More information about the Opendnssec-develop
mailing list