[Opendnssec-develop] Key (HSM) backup
Rickard Bondesson
rickard.bondesson at iis.se
Thu Aug 13 07:43:35 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> > So the default is to be able to use keys that are not backed up? I
> > thought that this was the less desirable option...
>
> in theory yes, but for any practical use no. so I vote for
> the default to use keys before backup (and clearly state in
> the default config file how to enable backup checking)
>
> > Anyway, I'll make sure that a suitably apocalyptic message
> is logged
> > if a non-backed up key becomes active.
>
> right!
Do we also want to have a backup-hook? So OpenDNSSEC can run a command when a backup should be done according to the system.
Maybe the user wants a backup script to be run.
// Rickard
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8
wsBVAwUBSoPEJ+CjgaNTdVjaAQhDMgf+JQMvbAYlkcyCCkewV6W0A2/usEfYNbv6
wJCsA3R8KZTmzv321hyeST9lJzG3QlnzuLNT7Tvq8PrEDjIwKsFkizia8FotprK1
63RNOkUOKTi9qet/C+TEZCgpQr1CfdE8SDO2z82mHPBJgiJaSCefBhzT4FV5VXFn
uUu82xMTF8AqNFdgXesl2YrR+FhY+V0fFOIavZy9BQSWw7K3AvoKOiFnB+73vrfI
P3CSNH4v3G0LGwPodMCX26t2TtEbhSLG5vCz9n1ifcuFHGUxuKVki2v7RW9kQP1Z
KSGcM/mmuV/n+JlL0Y7ksVl7w7YvB5H414ziL85XwDRvQaPMoqURbA==
=y+wY
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list