[Opendnssec-develop] getting information from the system

Rickard Bondesson rickard.bondesson at iis.se
Mon Aug 10 11:21:16 UTC 2009



> - What we are talking about here is semi-automatic key 
> rollovers, so things like generating and pre-publishing a key 
> (where applicable) is done automatically?

Yeah, I do not see any problem with always automatically generating the key and pre-publishing the key.

But you only make the KSK active on command by the operator. There is no default automatic publication of the KSK, so the rollover should never happen automatically now, right?

> - Do we also want to support manual key rollovers and key 
> management?  
> (and if so, why?)

We never want manual key management once in operation, only when you want to add keys from a previous system. We do want the possibility of manual key rollover, e.g. emergency rollover or planned rollover (but faster than the policy says).

// Rickard


