[Opendnssec-develop] getting information from the system
rickard.bondesson at iis.se
Mon Aug 10 11:21:16 UTC 2009
> - What we are talking about here is semi-automatic key
> rollovers, so things like generating and pre-publishing a key
> (where applicable) is done automatically?
Yeah, I do not see any problem with always automatically generating the key and pre-publishing the key.
But you only make the KSK active on command by the operator. There is no default automatic publication of the KSK, so the rollover should never happen automatically now, right?
> - Do we also want to support manual key rollovers and key
> (and if so, why?)
We never want manual key management once in operation, only when you want to add keys from a previous system. We do want the possibility for manual key rollover, e.g. emergency rollover or planned rollover (but faster than the policy is saying).