[Opendnssec-develop] getting information from the system

Rickard Bondesson rickard.bondesson at iis.se
Mon Aug 10 08:58:40 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> What about lifetime == infinite (while I am thinking about 
> it); for people who only want emergency rollovers.
> 
> Is this required for v1.0?

Or how about having a lifetime for the KSK, but the rollovers are not happening automaticly within libksm. The KSK rollovers can only happen when you issue the command. The KSK lifetime in the policy is then an indication on how often the operator should issue the KSK-roll-command.

The KSK lifetime is then used by the auditor to notify the operator that it should now (within two weeks, one week, 3 days, or 1 day) issue the KSK-roll-command to be able to follow the given policy.

// Rickard
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8

wsBUAwUBSn/hQOCjgaNTdVjaAQjGQAf4i7o9cgBCpB8p02IFARb1vpHks8h1CflR
YPbyz6DXu/g28lWLdTghjCL2A60WZEfzc9MWQV8IsPRbrq1qrSNUJaY69XAzHZu9
NS+hKAQ0lFfC6iQLt+zch1O0olrn2osLj5+NvwM8A7LyH3PSnXNK0HiPO3mAni4D
uGxV3LJM3qto4VwwKsJGHhIJsgkiZk+ca1v4HnfwfR0IZx92XWCrACE1wkzxr8kG
FWxShdmwwfAyxtxJSj220kslZGZ/ggkfMLWNxY3gWukL2QDtTIswFZFLqnZyvaz9
sYa4n7Hf1Q6MbAyTyIUYcgx2WTYU2PbF8clQAlvXGlkkm6u5+Dsh
=veVA
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list