[Opendnssec-develop] Key (HSM) backup

Jakob Schlyter jakob at kirei.se
Thu Aug 13 07:29:06 UTC 2009

On 13 aug 2009, at 09.25, sion at nominet.org.uk wrote:

> So the default is to be able to use keys that are not backed up? I  
> thought
> that this was the less desirable option...

in theory yes, but for any practical use no. so I vote for the default  
to use keys before backup (and clearly state in the default config  
file how to enable backup checking)

> Anyway, I'll make sure that a suitably apocalyptic message is logged  
> if a
> non-backed up key becomes active.



More information about the Opendnssec-develop mailing list