[Opendnssec-develop] Key (HSM) backup
Jakob Schlyter
jakob at kirei.se
Wed Aug 12 20:23:53 UTC 2009
On 12 aug 2009, at 14.46, sion at nominet.org.uk wrote:
>> Yeah, have a tag similar to <NoBackup />
>> The reason to have a negative tag is because you want to opt-in the
>> security features.
>>
>> Is this tag then for
>>
>> <Policy><Keys>
>>
>> Or
>>
>> <Policy>
>
> Or even a property of the repository?
yes, that makes sense. perhaps something like this:
Configuration/RepositoryList/Repository/RequireBackup (empty element)
it is a feature you turn on. most people will assume that they don't
have to flag keys as backed up so the default should be off IMHO.
jakob
More information about the Opendnssec-develop
mailing list