[Opendnssec-develop] Key (HSM) backup

Jakob Schlyter jakob at kirei.se
Wed Aug 12 20:23:53 UTC 2009

On 12 aug 2009, at 14.46, sion at nominet.org.uk wrote:

>> Yeah, have a tag similar to <NoBackup />
>> The reason to have a negative tag is because you want to opt-in the
>> security features.
>> Is this tag then for
>> <Policy><Keys>
>> Or
>> <Policy>
> Or even a property of the repository?

yes, that makes sense. perhaps something like this:

	Configuration/RepositoryList/Repository/RequireBackup (empty element)

it is a feature you turn on. most people will assume that they don't  
have to flag keys as backed up so the default should be off IMHO.


More information about the Opendnssec-develop mailing list